taniguce

Mcafee Download Site[RESOLVED]

Recommended Posts

Please make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...=view&id=34

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

While in safemode open Hijackthis and click scan. Then check mark the following entries

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll

Now close all open windows except Hijackthis and click fix checked

Delete the folders. (if present)

C:\WINDOWS\inet20004

  • Please double-click Killbox.exe to run Killbox.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

    [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\win_a3.dll

    [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    [*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Then post a new Hijackthis log here in a reply also...

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

And do you know what file this is? C:\Program Files\Picasa\pinstall.dll

Share this post


Link to post
Share on other sites
Please make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...=view&id=34

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

While in safemode open Hijackthis and click scan. Then check mark the following entries

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll

Now close all open windows except Hijackthis and click fix checked

Delete the folders. (if present)

C:\WINDOWS\inet20004

  • Please double-click Killbox.exe to run Killbox.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

    [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\win_a3.dll

    [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    [*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Then post a new Hijackthis log here in a reply also...

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

And do you know what file this is? C:\Program Files\Picasa\pinstall.dll

1. I ran Hijack This and checked the boxes to delete. I received an error message regarding deleting the 020 box, O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll. It should be noted in the hijack logfile.

2. I ran Killblox and did receive the message regarding any PendingFileRenameOperations prompt . I clicked OK at this prompt as you instructed.

3. I do not know what the C:\Program Files\Picasa\pinstall.dll is. I do have a "Hello" folder in the C:\Program Files\ directory which I don't know anything about. In the folder, it has a Picasa icon. I did a search on Google regarding the Hello.exe program. It looks like another spyware. I have a feeling this is also a bad program or something that should be deleted. I also have a Picasa and a Picasa2 folder in the C:\Program Files\ directory of which I do not know anything about. Can I just unistall these programs? Please advise on these.

Hijack Logfile:

Logfile of HijackThis v1.99.1

Scan saved at 3:42:17 PM, on 10/7/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab

O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)

O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

********************************************************************************

******

Uninstall_list.txt:

Adaptec DirectCD

Adaptec Easy CD Creator 4

Ad-Aware SE Personal

Adobe Acrobat 5.0

Adobe Download Manager 1.2 (Remove Only)

Adobe Photoshop 6.0

Adobe Reader 6.0.1

Adobe SVG Viewer

Arabic Language Support

ATI - Software Uninstall Utility

ATI Control Panel

AVG Anti-Spyware 7.5

AVG Free Edition

Backpack Driver

By Design Home

CCleaner (remove only)

Chinese (Simplified) Language Support

Chinese (Traditional) Language Support

Eudora

Galaris Musicians Directory 2005

Hebrew Language Support

Hello (remove only)

HijackThis 1.99.1

HP DeskJet 930C Series (Remove only)

HP PhotoSmart Photo Printing Software

HydraVision

Intel HaM Modem Drivers and Utilities

J2SE Runtime Environment 5.0 Update 6

Japanese Language Support

Keynote Connector

Korean Language Support

Kova-Solutions jBackup

LSP Explorer plug-in for Ad-Aware SE

Macromedia Dreamweaver

Macromedia Flash Player 8

Macromedia Shockwave Player

McAfee Firewall

McAfee VirusScan Home Edition

Microsoft Data Access Components KB870669

Microsoft Office 97, Professional Edition

Microsoft VGX Q833989

Mozilla Firefox (1.5)

Offer Optimizer

Outlook Express Q837009

Paint Shop Pro Shareware Version 3.11

Panda ActiveScan

Pan-European Language Support

Picasa 2

Pop-Up Stopper Free Edition

RealPlayer

RegScrubXP 3.25

Shopping Wizard

Sound Blaster AudioPCI

Spybot - Search & Destroy 1.3

SpywareBlaster v3.5.1

SpywareGuard v2.2

STOMP Backup MyPC

STOMP Backup MyPC Update Manager

Thai Language Support

Tweak-SE plug-in for Ad-Aware SE

VIA Audio Driver Setup Program

Windows XP Hotfix - KB823559

Windows XP Hotfix - KB828741

Windows XP Hotfix - KB833987

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB835732

Windows XP Hotfix - KB840987

Windows XP Hotfix - KB841356

Windows XP Hotfix - KB841533

Windows XP Hotfix - KB842773

Windows XP Hotfix - KB873376

Windows XP Hotfix - KB887822

Windows XP Hotfix (SP1) [see Q329048 for more information]

Windows XP Hotfix (SP1) [see Q329390 for more information]

Windows XP Hotfix (SP1) [see Q329441 for more information]

Windows XP Hotfix (SP1) [see Q329834 for more information]

Windows XP Hotfix (SP1) Q329170

Windows XP Hotfix (SP1) Q810577

Windows XP Hotfix (SP1) Q810833

Windows XP Hotfix (SP1) Q817606

Windows XP Hotfix (SP2) [see Q329115 for more information]

WinZip

Share this post


Link to post
Share on other sites

Please make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...=view&id=34

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

While in safemode open Hijackthis and click scan. Then check mark the following entries

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll

Now close all open windows except Hijackthis and click fix checked

Delete the folders. (if present)

C:\WINDOWS\inet20004

  • Please double-click Killbox.exe to run Killbox.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

    [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\win_a3.dll

    [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    [*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Then post a new Hijackthis log here in a reply also...

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

And do you know what file this is? C:\Program Files\Picasa\pinstall.dll

1. I ran Hijack This and checked the boxes to delete. I received an error message regarding deleting the 020 box, O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll. It should be noted in the hijack logfile.

2. I ran Killblox and did receive the message regarding any PendingFileRenameOperations prompt . I clicked OK at this prompt as you instructed.

3. I do not know what the C:\Program Files\Picasa\pinstall.dll is. I do have a "Hello" folder in the C:\Program Files\ directory which I don't know anything about. In the folder, it has a Picasa icon. I did a search on Google regarding the Hello.exe program. It looks like another spyware. I have a feeling this is also a bad program or something that should be deleted. I also have a Picasa and a Picasa2 folder in the C:\Program Files\ directory of which I do not know anything about. Can I just unistall these programs? Please advise on these.

Hijack Logfile:

Logfile of HijackThis v1.99.1

Scan saved at 3:42:17 PM, on 10/7/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab

O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)

O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

********************************************************************************

******

Uninstall_list.txt:

Adaptec DirectCD

Adaptec Easy CD Creator 4

Ad-Aware SE Personal

Adobe Acrobat 5.0

Adobe Download Manager 1.2 (Remove Only)

Adobe Photoshop 6.0

Adobe Reader 6.0.1

Adobe SVG Viewer

Arabic Language Support

ATI - Software Uninstall Utility

ATI Control Panel

AVG Anti-Spyware 7.5

AVG Free Edition

Backpack Driver

By Design Home

CCleaner (remove only)

Chinese (Simplified) Language Support

Chinese (Traditional) Language Support

Eudora

Galaris Musicians Directory 2005

Hebrew Language Support

Hello (remove only)

HijackThis 1.99.1

HP DeskJet 930C Series (Remove only)

HP PhotoSmart Photo Printing Software

HydraVision

Intel HaM Modem Drivers and Utilities

J2SE Runtime Environment 5.0 Update 6

Japanese Language Support

Keynote Connector

Korean Language Support

Kova-Solutions jBackup

LSP Explorer plug-in for Ad-Aware SE

Macromedia Dreamweaver

Macromedia Flash Player 8

Macromedia Shockwave Player

McAfee Firewall

McAfee VirusScan Home Edition

Microsoft Data Access Components KB870669

Microsoft Office 97, Professional Edition

Microsoft VGX Q833989

Mozilla Firefox (1.5)

Offer Optimizer

Outlook Express Q837009

Paint Shop Pro Shareware Version 3.11

Panda ActiveScan

Pan-European Language Support

Picasa 2

Pop-Up Stopper Free Edition

RealPlayer

RegScrubXP 3.25

Shopping Wizard

Sound Blaster AudioPCI

Spybot - Search & Destroy 1.3

SpywareBlaster v3.5.1

SpywareGuard v2.2

STOMP Backup MyPC

STOMP Backup MyPC Update Manager

Thai Language Support

Tweak-SE plug-in for Ad-Aware SE

VIA Audio Driver Setup Program

Windows XP Hotfix - KB823559

Windows XP Hotfix - KB828741

Windows XP Hotfix - KB833987

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB835732

Windows XP Hotfix - KB840987

Windows XP Hotfix - KB841356

Windows XP Hotfix - KB841533

Windows XP Hotfix - KB842773

Windows XP Hotfix - KB873376

Windows XP Hotfix - KB887822

Windows XP Hotfix (SP1) [see Q329048 for more information]

Windows XP Hotfix (SP1) [see Q329390 for more information]

Windows XP Hotfix (SP1) [see Q329441 for more information]

Windows XP Hotfix (SP1) [see Q329834 for more information]

Windows XP Hotfix (SP1) Q329170

Windows XP Hotfix (SP1) Q810577

Windows XP Hotfix (SP1) Q810833

Windows XP Hotfix (SP1) Q817606

Windows XP Hotfix (SP2) [see Q329115 for more information]

WinZip

This is an addition to my last reply. I didn't know if I was suppose to create another HiJack logfile after the 3 boxes were checked and deleted. So, I went back and ran another scan and create logfile just in case. I am sorry if I should have done this before I sent you the previous Hijack Logfile. Hope this is not confusing. Thanks for all the help you have been giving me. I really appreciate it.

New HiJack Logfile:

Logfile of HijackThis v1.99.1

Scan saved at 4:26:46 PM, on 10/7/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)

O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

Share this post


Link to post
Share on other sites

Please make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...=view&id=34

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

While in safemode open Hijackthis and click scan. Then check mark the following entries

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll

Now close all open windows except Hijackthis and click fix checked

Delete the folders. (if present)

C:\WINDOWS\inet20004

  • Please double-click Killbox.exe to run Killbox.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

    [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\win_a3.dll

    [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    [*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Then post a new Hijackthis log here in a reply also...

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

And do you know what file this is? C:\Program Files\Picasa\pinstall.dll

1. I ran Hijack This and checked the boxes to delete. I received an error message regarding deleting the 020 box, O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll. It should be noted in the hijack logfile.

2. I ran Killblox and did receive the message regarding any PendingFileRenameOperations prompt . I clicked OK at this prompt as you instructed.

3. I do not know what the C:\Program Files\Picasa\pinstall.dll is. I do have a "Hello" folder in the C:\Program Files\ directory which I don't know anything about. In the folder, it has a Picasa icon. I did a search on Google regarding the Hello.exe program. It looks like another spyware. I have a feeling this is also a bad program or something that should be deleted. I also have a Picasa and a Picasa2 folder in the C:\Program Files\ directory of which I do not know anything about. Can I just unistall these programs? Please advise on these.

Hijack Logfile:

Logfile of HijackThis v1.99.1

Scan saved at 3:42:17 PM, on 10/7/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab

O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)

O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

********************************************************************************

******

Uninstall_list.txt:

Adaptec DirectCD

Adaptec Easy CD Creator 4

Ad-Aware SE Personal

Adobe Acrobat 5.0

Adobe Download Manager 1.2 (Remove Only)

Adobe Photoshop 6.0

Adobe Reader 6.0.1

Adobe SVG Viewer

Arabic Language Support

ATI - Software Uninstall Utility

ATI Control Panel

AVG Anti-Spyware 7.5

AVG Free Edition

Backpack Driver

By Design Home

CCleaner (remove only)

Chinese (Simplified) Language Support

Chinese (Traditional) Language Support

Eudora

Galaris Musicians Directory 2005

Hebrew Language Support

Hello (remove only)

HijackThis 1.99.1

HP DeskJet 930C Series (Remove only)

HP PhotoSmart Photo Printing Software

HydraVision

Intel HaM Modem Drivers and Utilities

J2SE Runtime Environment 5.0 Update 6

Japanese Language Support

Keynote Connector

Korean Language Support

Kova-Solutions jBackup

LSP Explorer plug-in for Ad-Aware SE

Macromedia Dreamweaver

Macromedia Flash Player 8

Macromedia Shockwave Player

McAfee Firewall

McAfee VirusScan Home Edition

Microsoft Data Access Components KB870669

Microsoft Office 97, Professional Edition

Microsoft VGX Q833989

Mozilla Firefox (1.5)

Offer Optimizer

Outlook Express Q837009

Paint Shop Pro Shareware Version 3.11

Panda ActiveScan

Pan-European Language Support

Picasa 2

Pop-Up Stopper Free Edition

RealPlayer

RegScrubXP 3.25

Shopping Wizard

Sound Blaster AudioPCI

Spybot - Search & Destroy 1.3

SpywareBlaster v3.5.1

SpywareGuard v2.2

STOMP Backup MyPC

STOMP Backup MyPC Update Manager

Thai Language Support

Tweak-SE plug-in for Ad-Aware SE

VIA Audio Driver Setup Program

Windows XP Hotfix - KB823559

Windows XP Hotfix - KB828741

Windows XP Hotfix - KB833987

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB835732

Windows XP Hotfix - KB840987

Windows XP Hotfix - KB841356

Windows XP Hotfix - KB841533

Windows XP Hotfix - KB842773

Windows XP Hotfix - KB873376

Windows XP Hotfix - KB887822

Windows XP Hotfix (SP1) [see Q329048 for more information]

Windows XP Hotfix (SP1) [see Q329390 for more information]

Windows XP Hotfix (SP1) [see Q329441 for more information]

Windows XP Hotfix (SP1) [see Q329834 for more information]

Windows XP Hotfix (SP1) Q329170

Windows XP Hotfix (SP1) Q810577

Windows XP Hotfix (SP1) Q810833

Windows XP Hotfix (SP1) Q817606

Windows XP Hotfix (SP2) [see Q329115 for more information]

WinZip

This is an addition to my last reply. I didn't know if I was suppose to create another HiJack logfile after the 3 boxes were checked and deleted. So, I went back and ran another scan and create logfile just in case. I am sorry if I should have done this before I sent you the previous Hijack Logfile. Hope this is not confusing. Thanks for all the help you have been giving me. I really appreciate it.

New HiJack Logfile:

Logfile of HijackThis v1.99.1

Scan saved at 4:26:46 PM, on 10/7/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)

O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

OK, I just found out that my husband downloaded and installed the Hello and Picasa programs for his blog that he uses on his website. So, I guess the C:\program files\picasa\pinstall is a valid file that is part of these programs. Sorry again for not knowing sooner and not letting you know in two previous replies.

Thank you.

Share this post


Link to post
Share on other sites
What files are in c:\!killbox?

Files in c:\!killbox:

1. Logs (folder), in this folder is a file called kb

2. conscorr.ini

3. z2748.exe (when I went into the !killbox folder, the AVG Anti-Spyware you had me load previously comes up and states that "Malware found" Name: Downloader.CWS.ab Location: C:\!KillBox\z2748.exe

Below is the contents of the file called kb:

Pocket Killbox version 2.0.0.881

Running on Windows XP as Leigh Silberg(Administrator)

was started @ Thursday, October 05, 2006, 8:10 PM

# 1 [Delete on Reboot]

Path = C:\windows\inf\conscorr.inf

# 2 [Delete on Reboot]

Path = c:\temp\FLEOK

# 3 [Delete on Reboot]

Path = C:\Documents and Settings\Leigh Silberg\Favorites\health

# 4 [Delete on Reboot]

Path = C:\WINDOWS\SYSTEM32\z2924.exe

# 5 [Delete on Reboot]

Path = C:\WINDOWS\SYSTEM32\z2748.exe

# 6 [Delete on Reboot]

Path = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:15:03 PM

Killbox Closed(Exit) @ 8:19:20 PM

__________________________________________________

Pocket Killbox version 2.0.0.881

Running on Windows XP as Leigh Silberg(Administrator)

was started @ Saturday, October 07, 2006, 3:48 PM

# 1 [Delete on Reboot]

Path = c:\windows\system32\win_a3.dll

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:51:51 PM

Killbox Closed(Exit) @ 3:52:36 PM

__________________________________________________

Share this post


Link to post
Share on other sites
Ok post a new Hijackthis log here in a reply and let me know how things are runnnig...

Logfile of HijackThis v1.99.1

Scan saved at 5:14:13 PM, on 10/8/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe

C:\Program Files\hijackthis\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)

O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

******************************************************************************

I also ran the AVG anti-spyware in safemode after getting the malware alert for the file in c:\!killbox directory that it found. Here is the text file for that report:

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 2:01:21 PM 10/8/2006

+ Scan result:

C:\System Volume Information\_restore{6EBA4C03-A18F-4374-9B57-78EB62701D84}\RP279\A0047549.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\—Āhkntfs.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\!KillBox\z2748.exe -> Downloader.CWS.ab : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{6EBA4C03-A18F-4374-9B57-78EB62701D84}\RP279\A0047539.exe -> Downloader.CWS.ab : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{6EBA4C03-A18F-4374-9B57-78EB62701D84}\RP279\A0047548.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).

::Report end

********************************************************************************

I also uninstalled the AVG anti-virus software since I already have Mcafee running. I read awhile back that having more than one anti-virus program can create problems. I only installed the free version of the AVG when I couldn't get into the Mcafee update page. After you have been helping me, I can now get into their page to download the latest dat files.

Otherwise, so far I think things are running OK. I just don't understand why the AVG Anti-Spyware program found 5 more problems that it quarantined after all the scanning and cleaning that was already done previously. Please advise on this.

Thank you.

Share this post


Link to post
Share on other sites

Lets clear your restore points...

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405

Run another scan and tell me if it finds anything...

Share this post


Link to post
Share on other sites
Lets clear your restore points...

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405

Run another scan and tell me if it finds anything...

I ran another AVG Anti-Spyware scan in safemode. It did not find anything this time, so there is no report to copy/paste to you.

Share this post


Link to post
Share on other sites
Ok post a new Hijackthis log here in a reply.

Logfile of HijackThis v1.99.1

Scan saved at 9:11:28 AM, on 10/9/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)

O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

Share this post


Link to post
Share on other sites

Your log is clean.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:

  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
    I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Other necessary Programs:

  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Three good free versions are Kerio, Sygate and ZoneLabs.

Share this post


Link to post
Share on other sites
Your log is clean.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:

  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
    I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Other necessary Programs:

  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Three good free versions are Kerio, Sygate and ZoneLabs.

Thank you so much for all your help. I really appreciate it. I will definitely take the tips you gave me to protect my pc. Thanks, again.

Share this post


Link to post
Share on other sites

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.