Freckles HJT log #1

Started by Ripley, January 14, 2006, 12:16:10 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1 2 3 ... 5
User actions

Ripley

January 14, 2006, 12:16:10 AM
Posting for another member Freckles who is in a crunch for time.
Fully patched XP SP2 with a clean Spybot scan, but w/ on-demand AdAware scan, it detected "purity scan"? (Not quite sure if that's what it was called), but couldn't remove it.  Scan at re-boot w/ AdAware detected, but couldn't remove again.
F-Secure anti-virus also detected puirty scan, but also couldn't remove.
On attempt to run an HJT scan & save a log in the same limited user profile, got a message from HJT saying (paraphrase)
"system was denied write access to the host file...may not be able to fix...edit the file youself by doing...something to windows/system32/drives/etc/hosts"
So I had her run a HJT log in the administrator profile and here it is:
The other security software include Paid Counterspy, active, (also detected nothing), SpywareBlaster, F-Secure firewall, behind a netgear WGR614 wireless router (security configuration on the router/firewall enabled but not quite sure if it's optimally set).  Router was just hooked up last week to new computer, and that would Freckles HJT log #2 coming in another topic.

Logfile of HijackThis v1.99.1
Scan saved at 5:38:40 PM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\CounterSpy.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguiexe.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: Support - {B527A16B-FB12-4049-96E0-C3ABF799D9F6} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - Unknown owner - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

Die Hard

#1
January 14, 2006, 11:40:53 PM
ripley :)

This log is also clean  :thumbsup:

I wonder about the message HJT gave you about the hosts file ?

Open HJT and click " Open Misc Tools Section > Open Host Files Manager" and open it in Notepad. Copy the contents of it here and let´s have a look.

Die Hard :)
I create and edit my posts in GS-NOTES

Ripley

#2
January 14, 2006, 11:59:08 PM
Hopefully tommorrow Freckles will have some time to paste the hosts file.
In the meantime, what does she do about the purity scan detections?
Today Spybot scan and Counterspy scan was clean, but AdAware detected it again and said it couldn't remove, and F-Secure on-access scanner popped an alert about purity scan also but said it couldn't disinfect.

And what is that 010 entry: Broken internet access...that doesn't look good?

It would appear from talking with her that she thinks it is connected to a file in a temp folder.  Told her to wait to use CCleaner til we heard from you.  Should she run CCleaner, then try her scans?

Die Hard

#3
January 15, 2006, 01:52:47 AM
ripley :)

QuoteAnd what is that 010 entry: Broken internet access...that doesn't look good?

Didn´t look at it close enough  :shock:

Download WinsockFix from here: http://www.tacktech.com/pub/winsockfix/WinsockFix.zip

Now run HJT and fix this line:
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
Reboot.
After reboot run WinsockFix.

Die Hard :)

I create and edit my posts in GS-NOTES

Ripley

#4
January 15, 2006, 03:13:57 AM
Die Hard,
Here's what HJT host manager lists:
127.0.0.1       localhost

Should there be more info?   :uhm:

Downloaded WinsockFix, ran HJT and checked fix on the 010 entry.  Got a prompt that HJT wouldn't be able to repair this entry...but fixed anyways.  Re-booted.
Ran the WinsockFix.  Had numerous errors attempting to select the backup option for the registry...not sure if the backup took place, but ran the WinsockFix and was told it did the repair.

Ran another HJT scan and the 010 Broken internet access was gone.   :muahaha:

However, I noticed that this same 010 Broken internet access entry is also on Freckles log #2.   :(

Go ahead w/ CCleaner and more AdAware scans now?

Die Hard

#5
January 15, 2006, 06:36:21 AM
ripley :)

Yes, go on and do the same procedure with the O10-object in the other log. This one isn´t malicious, though, but could be a remnant from an earlier installed program.
You mentioned "Purity scan" which I believe is "PureSight" and this O10 item is just that: http://www.puresight.com/

Also run CCleaner, like you syggeseted ,which will make sure the temp folders are cleaned. Round up with AdAware until it tell the system is clean.

regards

Die Hard :)
I create and edit my posts in GS-NOTES

Ripley

#6
January 15, 2006, 09:29:50 AM
Die Hard,

Want to make sure we understand "same procedure"  for the other computer.  You mean:
Quote from: Die Hard on January 15, 2006, 01:52:47 AM
Download WinsockFix from here: http://www.tacktech.com/pub/winsockfix/WinsockFix.zip

Now run HJT and fix this line:
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
Reboot.
After reboot run WinsockFix.

Quote from: Die Hard on January 15, 2006, 06:36:21 AM
ripley :)
You mentioned "Purity scan" which I believe is "PureSight" and this O10 item is just that: http://www.puresight.com/

I thought she was talking about purityscan associated with clickspring like here:
http://sarc.com/avcenter/venc/data/adware.purityscan.html

Checking out that PureSight link it seems it is "partnered" with F-Secure as well as Microsoft, so that was a probable connection?  This PureSight is confusing to me.  If legit, why would F-Secure A/V detect it as a virus?

Someone else I was talking to today said their AdAware SE detected PurityScan a couple days ago too...must be making the rounds.

Will move on w/ CCleaner and run AdAware again.

No issues with the HJT hosts file manager right?

Die Hard

#7
January 15, 2006, 11:31:10 AM
ripley wrote:
QuoteNo issues with the HJT hosts file manager right?

No, not at all. 127.0.0.1 is the IP# for the local machine and is added as an example.

Here´s an example of an edited hosts-file:



The hosts-file is located in (XP)  "C:\Windows\System32\Drivers\etc\hosts" (C:\ is variable, depending on the system configuration)

[attachment deleted by admin]
I create and edit my posts in GS-NOTES

Ripley

#8
January 16, 2006, 12:16:31 AM
Helpful to see that an example of an edited host file.  Thnx.  Glad that isn't an issue, but this purityscan keeps coming back.  Got better details.

Ran CCleaner, removed all that was quarantined in AdAware, did full system scan w/ AdAware and it found purityscan in windows/system32/t?skmgr.exe and still says it can't remove.
F-Secure A/V detects trojandownloader win32purityscan and says can't disinfect.

The computer is running pretty slow.  Post AdAware log?  Try online scan?  Any ideas at this point?

Die Hard

#9
January 16, 2006, 12:47:34 AM
Quotewindows/system32/t?skmgr.exe 

That is Purity Scan/Clickspring .
Open the taskmanager (Ctrl+Alt+Del) and see if the file is among the running processes.Terminate it , if it is.
Then navigate to Windows\System32 and see if you can delete it.
NOTE: The Taskmanager is there also and has the name "TASKMGR.EXE" and that one mustn´t be touched.

To make the folders visible,click (Windowskey+E) and in the toolbar click "Tools>Folder options" and under tab "View" checkmark "Show hidden files and folders" and uncheck "Hide protected system files" and "Hide file extentions for known filetypes"

I suggest you download Ewido and make a scan, preferably in safe mode.

Please go here and download Ewido Security Suit:
http://www.ewido.net/en/download/

A quick guide is found here:
http://www.greyknight17.com/spy/Tutorials/ewidoQuickGuide.pdf

  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
    You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
    The update will start and a progress bar will show the updates being installed.
    If you are having problems with the updater, you can use this link to manually update Ewido.
    Ewido manual updates

    Once the updates are installed do the following:

    Reboot into safe mode (press the F8-key repetedly on bootup)
    Once in safe mode open Ewido.

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.

    On the first alert, a window will open prompting you to take action. Checkmark "Remove" and "Perform action on all detections".
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
    Now close ewido security suite.

    Then please go here and make an online scan.
    Panda ActiveScan http://www.pandasoftware.com/activescan/

    Trend Micro HouseCall http://housecall.trendmicro.com/

    Hopefully they will come up clean :)

    Die Hard :)
I create and edit my posts in GS-NOTES

Ripley

#10
January 16, 2006, 01:00:12 AM
Ewido and 2 online scans will happen soon  :flame:

Hopefully we'll have some joy!

Thanks Die Hard!   :flowers:

Ripley

#11
January 18, 2006, 02:41:55 AM
Die Hard,
In Freckles' task manager, in processes, were 2 exact entries w/ only difference of the "mem usage:"
taskmgr.exe with mem usage 4,xxx
taskmgr.exe with with mem usage 17,xxx

Couldn't tell what was legit so nothing was done.

The purity scan pathway provided by F-Secure A/V of windows/system32/t?skmgr.exe
was not found in Windows/system32 folder.

Downloaded & updated Ewido, and a full system scan in safe mode detected nothing.

Doing 2 onlines scans now.  In the meatime, any idea which taskmgr.exe to terminate?

Die Hard

#12
January 18, 2006, 08:49:08 AM
Quote from: ripley on January 18, 2006, 02:41:55 AM
Die Hard,
In Freckles' task manager, in processes, were 2 exact entries w/ only difference of the "mem usage:"
taskmgr.exe with mem usage 4,xxx
taskmgr.exe with with mem usage 17,xxx

Couldn't tell what was legit so nothing was done.

The purity scan pathway provided by F-Secure A/V of windows/system32/t?skmgr.exe
was not found in Windows/system32 folder.

Downloaded & updated Ewido, and a full system scan in safe mode detected nothing.

Doing 2 onlines scans now.  In the meatime, any idea which taskmgr.exe to terminate?

Try either of them. If you terminate the wrong one, the tool you´re watching disapperas :)
So you will have to (ctrl+alt+del) to start it again and choose the other one  :P

Die Hard :)
I create and edit my posts in GS-NOTES

Ripley

#13
January 19, 2006, 01:49:06 AM
Die Hard  :)

Killed the process of the taskmgr.exe that had the highest mem usage and it went away (not the task manager), so it looked like she choose the right one.

Ran Ewido in normal mode this time and detected and removed the purity scan!  :twak: Did another scan with AdAware (which previously always detected/couldn't remove) and it was clean!  :muahaha:

Also did a full scan with F-Secure A/V and it was clean this time too.  :exorcize:

For some reason, she says both online scan attempts (Panda & TrendMicro) met with extremely slow loading of website pages...30 minutes and still hadn't loaded   :uhm:  So they weren't completed.

Given above, assume purity scan is gone unless one of the on board scanners detects it, right?

Die Hard

#14
January 19, 2006, 02:01:32 AM
ripley :)

QuoteGiven above, assume purity scan is gone unless one of the on board scanners detects it, right?
 
If AdAware previously detected it, but not any more I´m certain it´s gone. If you want to make sure for yourself, check the scanning log from AAW and see if it isn´t "t?skmgr.exe" it found.

Try to go to Trend once again, but first remove this item, using HJT:
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
 
Then go to their site again and see if it works You will have to allow an ActiveX-object to be installed, before the scan begins.

Regards

Die Hard :)

I create and edit my posts in GS-NOTES
Print
Go Up Pages1 2 3 ... 5
User actions