im1knight Posted December 12, 2006 Author Share Posted December 12, 2006 erm..weezy just let me done that. i finally made my panda scan work tho=) anyways..ill post the new log..sec Quit runescape on Jan 6th of 2008, at level of 115 with around 150M worth of item in bank...however stats still remainsWorld 59, the world i loved~ Now 95% dedicated to playing Microsoft flight simulator http://www.youtube.com/user/im1knightmy youtube channel with many FSX videos i made. please leave a comment if you will Link to comment Share on other sites More sharing options...
im1knight Posted December 12, 2006 Author Share Posted December 12, 2006 here is the panda scan log: (This is all you really need, just clear the cookies) AdTry ware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\ma kevin\Local Settings\Temporary Internet Files\Content.IE5\5GGCMAHP\yasrepair[1].cab[yrepair.dll] Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\ma kevin\Local Settings\Temporary Internet Files\Content.IE5\N0NCBS66\yasrepair[1].cab[yrepair.dll] Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\ma kevin\Local Settings\Temporary Internet Files\Content.IE5\N0NCBS66\yasrepair[2].cab[yrepair.dll] Virus:Trj/Agent.CZN Not disinfected C:\Documents and Settings\ma kevin\Local Settings\Temporary Internet Files\Content.IE5\OL78GRPT\ad[1][Caution: Executable File][server[Caution: ExecutableFile]] Virus:Trj/Sinowal.DJ Disinfected C:\Documents and Settings\user.USER-B631A26298\Local Settings\Application Data\Mozilla\Firefox\Profiles\nxxv6gxg.default\Cache\A25B47A2d01 Virus:Trj/Agent.CZN Not disinfected C:\WINDOWS\iister[Caution: ExecutableFile][server[Caution: ExecutableFile]] Virus:Trj/Agent.CZN Disinfected C:\WINDOWS\system32\WinInstall[Caution: ExecutableFile] Quit runescape on Jan 6th of 2008, at level of 115 with around 150M worth of item in bank...however stats still remainsWorld 59, the world i loved~ Now 95% dedicated to playing Microsoft flight simulator http://www.youtube.com/user/im1knightmy youtube channel with many FSX videos i made. please leave a comment if you will Link to comment Share on other sites More sharing options...
im1knight Posted December 12, 2006 Author Share Posted December 12, 2006 HJT log:(those hosts just seems to keep coming back) Logfile of HijackThis v1.99.1 Scan saved at 17:36:54, on 2006-12-12 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc[Caution: ExecutableFile] C:\WINDOWS\system32\cisvc[Caution: ExecutableFile] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: ExecutableFile] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm[Caution: ExecutableFile] C:\Program Files\HP\hpcoretech\hpcmpmgr[Caution: ExecutableFile] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy[Caution: ExecutableFile] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile] C:\Program Files\QuickTime\qttask[Caution: ExecutableFile] C:\Program Files\Common Files\AOL\1155133248\ee\AOLSoftware[Caution: ExecutableFile] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile] C:\WINDOWS\system32\RunDLL32[Caution: ExecutableFile] C:\Program Files\HP\HP Software Update\HPWuSchd2[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile] C:\Program Files\Java\jre1.5.0_09\bin\jusched[Caution: ExecutableFile] C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile] C:\Program Files\HP\hpcoretech\comp\hptskmgr[Caution: ExecutableFile] C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile] C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden[Caution: ExecutableFile] C:\Program Files\Google\Web Accelerator\googlewebaccclient[Caution: ExecutableFile] C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\Program Files\HP\Digital Imaging\bin\hpqgalry[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\cidaemon[Caution: ExecutableFile] C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile] C:\Documents and Settings\ma kevin\Desktop\New Folder\HijackThis[Caution: ExecutableFile] R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll R3 - URLSearchHook: Yahoo! ÃÆÃÂ¥ÃâïÃâüÃÆèÃâ¹Ã¢â¬Â ÃâêÃÆæÃâà Quit runescape on Jan 6th of 2008, at level of 115 with around 150M worth of item in bank...however stats still remainsWorld 59, the world i loved~ Now 95% dedicated to playing Microsoft flight simulator http://www.youtube.com/user/im1knightmy youtube channel with many FSX videos i made. please leave a comment if you will Link to comment Share on other sites More sharing options...
coltm4carbine Posted December 13, 2006 Share Posted December 13, 2006 ok Let's try this. You might want to print this out or save a copy so you know what to do in safemode. Download the Hoster Here and unzip it to your desktop. Next, open the Hoster [*:19ng65xn]Make sure that the "make hosts writable?" button in the upper right corner is checked [*:19ng65xn] Now, click on 'back up Host files' [*:19ng65xn] then click on 'Restore orginal host files' [*:19ng65xn] Finally, close the hoster Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. R3 - URLSearchHook: Yahoo! ÃÆÃÂ¥ÃâïÃâüÃÆèÃâ¹Ã¢â¬Â ÃâêÃÆæÃâà Link to comment Share on other sites More sharing options...
im1knight Posted December 13, 2006 Author Share Posted December 13, 2006 there r the programs.. Quit runescape on Jan 6th of 2008, at level of 115 with around 150M worth of item in bank...however stats still remainsWorld 59, the world i loved~ Now 95% dedicated to playing Microsoft flight simulator http://www.youtube.com/user/im1knightmy youtube channel with many FSX videos i made. please leave a comment if you will Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now