stephencallgood 0 Newbie Poster

Everything in msconfig should be enabled before posting a log.
That log is fine :).

I can't thank you enough for your help. You have done an incredible job. Your web site is great. Again, thanks VERY much.
With great respect, Steve.

stephencallgood 0 Newbie Poster

You did set a system restore point yes?

Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?ap...ODQ6NTo5&Terms=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll (file missing)
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll (file missing)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

O3 - Toolbar: (no name) - {3794669C-CF5B-4197-9EC0-A96111C98E84} - (no file)
O3 - Toolbar: (no name) - {5BEE6FFE-A6FC-42D0-9D26-BCD25A204614} - (no file)
O3 - Toolbar: (no name) - {9EBC2838-F902-4FA2-AB96-02125FEFD3AB} - (no file)
O3 - Toolbar: (no name) - {92FF8F8E-B0AE-482F-A385-EFE3206F8E74} - (no file)

Reboot after doing the above, rescan with hijackthis, then post that log here please.

Let me know how your PC is now.

Hey crunchie, sorry about the slow response. I'm back at work; vacation's over.
Yes, I set a restore point. My PC is MUCH better thanks to you. Very few popups, and it runs much better, QUICK response. I did not recheck everything in msconfig startup this time because bad things are still listed there but are not re-checking themselves like before. Here's my next hjt log. Should I always recheck in msconfig before an hjt log?

Logfile of HijackThis v1.99.0
Scan saved at 6:04:03 PM, on 1/4/2005
Platform: Windows XP SP2 …
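
Added example, not part of the original thread: the entries ticked for fixing above are O2/O3 registrations whose target is "(file missing)" or "(no file)", and the later posts track whether a process such as qrkyrq.exe is still running between scans. This Python sketch does both checks on HijackThis log text; the function names `parse_log`, `orphaned_com_entries` and `process_delta` are hypothetical, and the sample log is constructed from lines quoted in this thread.

```python
import re
from typing import NamedTuple

# Constructed sample in HijackThis v1.99 layout; the entry lines are copied
# from the logs quoted in this thread and trimmed to a handful.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Scan saved at 5:45:12 PM, on 1/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: (no name) - {3794669C-CF5B-4197-9EC0-A96111C98E84} - (no file)
"""

# An entry line is "<code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O2/O3 body: "<kind>: <name> - {CLSID} - <target>"
COM_RE = re.compile(
    r"^(BHO|Toolbar): (.*) - "
    r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (.+)$"
)


class ComEntry(NamedTuple):
    code: str
    kind: str
    name: str
    clsid: str
    target: str
    orphaned: bool


def parse_log(text):
    """Split a log into the running-process list and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def orphaned_com_entries(entries):
    """Return O2/O3 registrations whose DLL is gone from disk."""
    found = []
    for code, body in entries:
        match = COM_RE.match(body) if code in ("O2", "O3") else None
        if not match:
            continue  # other sections, or a truncated line
        kind, name, clsid, target = match.groups()
        orphaned = target == "(no file)" or target.endswith("(file missing)")
        if orphaned:
            found.append(ComEntry(code, kind, name, clsid, target, True))
    return found


def process_delta(old, new):
    """Processes that appeared or disappeared between two parsed scans.

    Windows paths are case-insensitive, so compare case-folded.
    """
    old_set = {p.casefold() for p in old["processes"]}
    new_set = {p.casefold() for p in new["processes"]}
    appeared = sorted(p for p in new["processes"] if p.casefold() not in old_set)
    gone = sorted(p for p in old["processes"] if p.casefold() not in new_set)
    return appeared, gone


if __name__ == "__main__":
    for entry in orphaned_com_entries(parse_log(SAMPLE_LOG)["entries"]):
        print(entry.code, entry.kind, entry.clsid, entry.target)
```

An orphaned registration only means the DLL is no longer on disk; the other O2 lines still have to be judged by what they load.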

stephencallgood 0 Newbie Poster

Sorry crunchie, I forgot to reboot after I ran the regfile. Here is hjt AFTER reboot.

Logfile of HijackThis v1.99.0
Scan saved at 5:45:12 PM, on 1/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\daddy-o\My Documents\My Received Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\daddy-o\Application Data\Mozilla\Profiles\default\ccna80vw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\daddy-o\Application Data\Mozilla\Profiles\default\ccna80vw.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.114-deleon.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - …

stephencallgood 0 Newbie Poster

OK. I have uploaded a regfile to remove a registry entry. Unzip it and double click to run. When asked to merge with your registry, click yes. You can set a system restore point just before you do, if you wish. Probably a good idea now that qoologic is gone :).

Now we can get on with your hijackthis log. Please reboot after doing the regfile and post a fresh log please.

Here it is.

Logfile of HijackThis v1.99.0
Scan saved at 4:44:43 PM, on 1/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\daddy-o\My Documents\My Received Files\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\daddy-o\Application Data\Mozilla\Profiles\default\ccna80vw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\daddy-o\Application Data\Mozilla\Profiles\default\ccna80vw.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - …

stephencallgood 0 Newbie Poster

Put silent runners in a folder and run it from there. The log is saved wherever it's run from. It's called startup programs.

"Silent Runners.vbs", revision 28, launched at: 14:14
Output limited to non-default values, except where indicated by "{++}"
Operating System: Windows XP SP2


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"nForce Tray Options" = "sstray.exe /r" ["NVIDIA Corporation"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Advanced Tools Check" = "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
"Synchronization Manager" = "%SystemRoot%\system32\mobsync.exe /logon" [file not found]
"IntelliType" = ""C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll" [file not found]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll" [MS]
{9527D42F-D666-11D3-B8DD-00600838CD5F}\(Default) = "IEWatchObj Class"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINDOWS\System32\IETie.dll" ["Tenebril Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper"
-> resolves to: {CLSID}\InprocServer32\(Default) = "c:\program files\google\googletoolbar_en_2.0.114-deleon.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{CF7C3CF0-4B15-11D1-ABED-709549C10000}\(Default) = "IEPlugin Class"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Advanced System Optimizer\IEHelper.dll" [file not found]
{E3215F20-3212-11D6-9F8B-00D0B743919D}\(Default) = (no title …

stephencallgood 0 Newbie Poster

I ran silent runner but it flashes the file location so fast I can't read it. It seems to be temp internet files in local settings but I can't find it.

stephencallgood 0 Newbie Poster

Good morning (it's morning here). OK, what next? Here's a qoologic and a hjt.

C:\Documents and Settings\daddy-o\My Documents\filelib\qoologic

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\ntdll.dll: .aspack
C:\WINDOWS\system32\PAV.SIG: .aspack
C:\WINDOWS\system32\PAV.SIG: :.aspackze
C:\WINDOWS\system32\PAV.SIG: .aspack.text
C:\WINDOWS\system32\PAV.SIG: H.aspack.text
C:\WINDOWS\system32\PAV.SIG: .aspack.text
C:\WINDOWS\system32\PAV.SIG: 4.aspack
C:\WINDOWS\system32\PAV.SIG: .aspack
C:\WINDOWS\system32\PAV.SIG: F<SW.aspack
C:\WINDOWS\system32\PAV.SIG: [.aspack
C:\WINDOWS\system32\PAV.SIG: H@.aspack.text.pmj
C:\WINDOWS\system32\PAV.SIG: AsPack
C:\WINDOWS\system32\PAV.SIG: :.aspack
C:\WINDOWS\system32\PAV.SIG: H@.aspack
C:\WINDOWS\system32\PAV.SIG: .aspack
C:\WINDOWS\system32\PAV.SIG: .aspack
C:\WINDOWS\system32\PAV.SIG: H.aspack
C:\WINDOWS\system32\PAV.SIG: .aspack
C:\WINDOWS\system32\PAV.SIG: 4.aspack
C:\WINDOWS\system32\PAV.SIG: .aspack
C:\WINDOWS\system32\PAV.SIG: [.aspack
C:\WINDOWS\system32\PAV.SIG: F<SW.aspack

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
Finished

Logfile of HijackThis v1.99.0
Scan saved at 10:12:46 AM, on 1/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program …

stephencallgood 0 Newbie Poster

Run Pocket Killbox again and paste the full file path of each of the below files in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter each file (see the files below).

C:\WINDOWS\system32\iopgoi.dll
C:\WINDOWS\system32\RBK20EC.bak
C:\WINDOWS\system32\RBK20EC.bak
C:\WINDOWS\system32\sbazbs.dll
C:\WINDOWS\system32\xwqpwx.exe
C:\WINDOWS\system32\gbvqbg.dat
C:\WINDOWS\system32\qrkyrq.exe
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ftnytf.exe

Reboot afterwards if the files are successfully deleted.

If all files are not deleted, do not reboot yet. Run Pocket Killbox again and paste the full file path in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" to reboot only after the last file you enter.

Post another qoologic log when done.

Did killbox. ftnytf is no longer checked but qrkyrq is still checked. Here is my next qoologic. (Got to hit the sack.) Thanks again.


C:\Documents and Settings\daddy-o\My Documents\filelib\qoologic

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\iopgoi.dll: updates.qoologic.com
C:\WINDOWS\system32\ntdll.dll: .aspack
C:\WINDOWS\system32\PAV.SIG: .aspack
C:\WINDOWS\system32\PAV.SIG: :.aspackze
C:\WINDOWS\system32\PAV.SIG: …

stephencallgood 0 Newbie Poster

OK, got my download back. Did a killbox. (Thanks for being patient.) Here's hjt and qoologic. Then what?

Logfile of HijackThis v1.99.0
Scan saved at 11:01:49 PM, on 1/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\qrkyrq.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Documents and Settings\daddy-o\My Documents\My Received Files\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\daddy-o\Application Data\Mozilla\Profiles\default\ccna80vw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\daddy-o\Application Data\Mozilla\Profiles\default\ccna80vw.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.114-deleon.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll (file missing)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft …
stephencallgood 0 Newbie Poster

I got mine set up tighter than a drum and can download from both. Go figure!!

It looks like I have lost my ability to download ANYTHING. I had DAP; even the icon has gone. But I should have still been able to download. Any ideas how to regain my download ability?

stephencallgood 0 Newbie Poster

Same thing. It redirects and just sits there. I tried dropping my firewall and lowering my security but it didn't help. I will try from Netscape.

stephencallgood 0 Newbie Poster

Why can't you download it? Try right clicking on the download link and select *save as* and save it to your desktop.

When I click on your killbox link I get a redirect to bleeping computer and an open IE page. It seems to be running but no download is forthcoming. I went to and joined bleepingcomp. and tried to download killbox but got the same blank, running page. Anything else I can do to dl killbox?

stephencallgood 0 Newbie Poster

I can't get the killbox to download!!! What next?

:(

Download the Pocket KillBox
Unzip the file to your desktop.
Open TheKillbox.

Stay offline when doing the following fix.

Next paste the full file path of each of the below files in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter each file (see the files below).

C:\WINDOWS\SYSTEM32\sbazbs.dll
C:\WINDOWS\SYSTEM32\xwqpwx.exe
C:\WINDOWS\SYSTEM32\gbvqbg.dat
C:\WINDOWS\SYSTEM32\qrkyrq.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ftnytf.exe

Reboot afterwards if the files are successfully deleted.

If all files are not deleted, do not reboot yet. Run Pocket Killbox again and paste the full file path in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" to reboot only after the last file you enter.

Post another qoologic log after. Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.

stephencallgood 0 Newbie Poster

They keep messing with the page that has the qoologic.zip :(. I will upload it for you.
Yep. Enable all in Msconfig, then reboot and post those logs.
I'm off to bed. 2 am here, 2005. Happy new year :D.

Log file after I checked all the msconfig stuff and rebooted. Also am resending qoologic stuff.
Logfile of HijackThis v1.99.0
Scan saved at 5:15:46 PM, on 12/31/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Camtech\SpySites-Plus\SpySitesP.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\qrkyrq.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\daddy-o\My Documents\My Received Files\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\daddy-o\Application Data\Mozilla\Profiles\default\ccna80vw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\daddy-o\Application …

stephencallgood 0 Newbie Poster

Just hit the reply button in this thread rather than start a new thread :). Did you run the qooligic.bat as requested? Whatever you did in Msconfig, can you please reverse. It looks like a lot less happening there now.

Sorry crunchie, I still got a lot to learn. I went to the site from your thread (baskar). Couldn't find anything like qoologic.zip. In msconfig, do you want me to check everything there and then reboot, then run hjt? Sorry, I'm not very savvy on the PC. I appreciate your help....I am learning fast.

stephencallgood 0 Newbie Poster

Ran hijackthis and deleted as per crunchie's instructions. qrkyrq and ftnytf.exe still show up rechecking in msconfig startup... Here is my new logfile. Please help. Thanks, Steve.

Logfile of HijackThis v1.99.0
Scan saved at 11:52:32 PM, on 12/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\qrkyrq.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\daddy-o\My Documents\My Received Files\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\daddy-o\Application Data\Mozilla\Profiles\default\ccna80vw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\daddy-o\Application Data\Mozilla\Profiles\default\ccna80vw.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.114-deleon.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 …

stephencallgood 0 Newbie Poster

Here is my log file. Please tell me what to get rid of. Thank you very much, Steve.

Logfile of HijackThis v1.99.0
Scan saved at 8:42:14 PM, on 12/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Documents and Settings\daddy-o\My Documents\My Received Files\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\daddy-o\Application Data\Mozilla\Profiles\default\ccna80vw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\daddy-o\Application Data\Mozilla\Profiles\default\ccna80vw.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.114-deleon.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

stephencallgood 0 Newbie Poster

What is adimilliserve? How do I get rid of it if it's a bad thing? Thanks for your help, Steve.