No system restore.Antivirus pop ups & desktop tray pop ups

**wisenheimer** · 2006-08-17, 14:39

C:\Documents and Settings\STEVE\Local Settings\Application Data\Wildtangent\Cdacache\176EB7A7-8B89-449F-94B2-FEB531DCEB38\scripts\prodInfo.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\Application Data\Wildtangent\Cdacache\176EB7A7-8B89-449F-94B2-FEB531DCEB38\scripts\prodinfo.js Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\Application Data\Wildtangent\Cdacache\176EB7A7-8B89-449F-94B2-FEB531DCEB38\upsell\images\en\upsell.jpg Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\Application Data\Wildtangent\Cdacache\176EB7A7-8B89-449F-94B2-FEB531DCEB38\upsell\polar.ico Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\Application Data\Wildtangent\Cdacache\176EB7A7-8B89-449F-94B2-FEB531DCEB38\upsell\upsell.hta Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\Application Data\Wildtangent\Cdacache\176EB7A7-8B89-449F-94B2-FEB531DCEB38\_176EB7A7-8B89-449F-94B2-FEB531DCEB38.exe Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\Application Data\Wildtangent\Cdacache\cdacache.odds Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012004070920040710\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012004080120040802\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012004082920040830\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012004092320040924\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012004092420040925\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012005112720051128\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012006011020060111\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012006011120060112\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012006022420060225\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012006052720060528\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012006072320060724\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012006072420060731\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012006073120060807\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012006080720060814\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012006081420060815\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\Local Settings\History\History.IE5\MSHist012006081520060816\index.dat Object is locked skipped
C:\Documents and Settings\STEVE\My Documents\Document2.wpd Object is locked skipped
C:\Documents and Settings\STEVE\My Documents\who-did-it party list 1.wpd Object is locked skipped
C:\Documents and Settings\STEVE\My Documents\who-did-it to do list and other stuff like that.wpd Object is locked skipped
C:\Documents and Settings\STEVE\My Documents\Who.wpd Object is locked skipped
C:\Program Files\asys\stb.exe Infected: Trojan-Downloader.Win32.Agent.tf skipped
C:\Program Files\CMAPP\cmappstub.exe Infected: Trojan-Downloader.Win32.Agent.tf skipped
C:\Program Files\Common Files\NSIS\ns60.dll Object is locked skipped
C:\Program Files\Windows Media Player\wmplayer.exe.tmp/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.dx skipped
C:\Program Files\Windows Media Player\wmplayer.exe.tmp/WISE0008.BIN Infected: not-a-virus:AdWare.Win32.F1Organizer.h skipped
C:\Program Files\Windows Media Player\wmplayer.exe.tmp WiseSFX: infected - 2 skipped
C:\RECYCLER\S-1-5-21-842925246-261903793-839522115-1008\Dc1.lnk Object is locked skipped
C:\WINDOWS\bbi8024_MEDIAMOTOR.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
C:\WINDOWS\bbi8024_MEDIAMOTOR.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.e skipped
C:\WINDOWS\bbi8024_MEDIAMOTOR.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
C:\WINDOWS\bbi8024_MEDIAMOTOR.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
C:\WINDOWS\bbi8024_MEDIAMOTOR.exe NSIS: infected - 4 skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe NSIS: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\fixit.exe/data0003 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\WINDOWS\fixit.exe/data0004 Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\WINDOWS\fixit.exe/data0005 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\WINDOWS\fixit.exe NSIS: infected - 3 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\73305db.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\system32\btpanuib.dll Infected: not-a-virus:AdWare.Win32.SmartSearch.b skipped
C:\WINDOWS\system32\compstuid.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\msvideo.exe Infected: Trojan-Downloader.Win32.Reqlook.d skipped
C:\WINDOWS\system32\VSL05.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\WINDOWS\system32\VSL05.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\system32\VSL05.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wshtcpip.exe Infected: Backdoor.Win32.Small.ml skipped
C:\WINDOWS\temp\sqlite_37a1pXr2gezvxwg Object is locked skipped
C:\WINDOWS\temp\sqlite_8vJKG4XlCjntEcM Object is locked skipped
C:\WINDOWS\temp\sqlite_eNvbEovtFYsNbsV Object is locked skipped
C:\WINDOWS\temp\sqlite_gjwXeMPcnrmd2rw Object is locked skipped
C:\WINDOWS\temp\sqlite_hFgwD5zXbdSB7K3 Object is locked skipped
C:\WINDOWS\temp\sqlite_nSMwYXWDt6S0MEl Object is locked skipped
C:\WINDOWS\temp\sqlite_vMiGHnegoOYrOnD Object is locked skipped
C:\WINDOWS\U3RlcGhlbiBKLiBUb3dsZXI\oal5w315v214M21ovaxPtrK.vbs Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

**LonnyRJones** · 2006-08-17, 16:31

Manualy delete these files and folders

C:\WINDOWS\browserxtras
C:\WINDOWS\U3RlcGhlbiBKLiBUb3dsZXI
C:\WINDOWS\system32\73305db.exe
C:\WINDOWS\system32\btpanuib.dll
C:\WINDOWS\system32\compstuid.dll
C:\WINDOWS\system32\msvideo.exe
C:\WINDOWS\bbi8024_MEDIAMOTOR.exe
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\Documents and Settings\Alexis\Local Settings\Application Data\73305db.exe

**wisenheimer** · 2006-08-17, 20:10

could not delete:

C:\WINDOWS\system32\btpanuib.dll

**LonnyRJones** · 2006-08-18, 01:00

Run Hijackthis click >"config" then "misc tools" >"delete file on reboot"
(exact spelling counts!!! so dont browse to the files)
Copy/Paste the bolded line below into the File name box then click Open,
C:\WINDOWS\system32\btpanuib.dll
Answer yes to the prompt to reboot the PC

Any problems now

**wisenheimer** · 2006-08-18, 03:20

Okay I just started up the internet and everything seems okay. Only 1 popup in 10 minutes. Something I noticed during the past few days is that it is taking longer to connect to the internet. Maybe it is because my homepage is SSL? But then again its always been. Just trying to come up with answers. Thank you for your help so far.

**LonnyRJones** · 2006-08-18, 05:57

Give it s few days then report back any odd behaivior

You can also delete
C:\Program Files\asys < folder
C:\Program Files\CMAPP < folder

-------
C:\Program Files\Common Files\NSIS\ <what are the contents ?

**wisenheimer** · 2006-08-18, 13:41

ns60.dll
uninst.exe

As soon as I opened the folder my AV detected potentially unwanted program.

"McAfee has automatically blocked a potentially unwanted program from running on your computer.

Details
Name: Adware-NSISMedia

More Info
Potentially unwanted programs include spyware, adware, and other programs that might create additional security or privacy risks to your computer data and personal information. They are often downloaded in conjunction with a program that you want.

Process: C:\WINDOWS\Explorer.EXE
Process Name: Windows Explorer
File Path: C:\Program Files\Common Files\NSIS\ns60.dll

If you do not recognize this potentially unwanted program, McAfee recommends that you remove it. If you recognize this potentially unwanted program, trust it, and then rerun the program that triggered this alert."

**LonnyRJones** · 2006-08-23, 04:42

I lost tract of your thread

Go ahead and delete the nsis folder if you havent already.

Are there any current problems ?

**tashi** · 2006-08-28, 19:18

This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.

Thread: No system restore.Antivirus pop ups & desktop tray pop ups

Thread Tools

Display

Posting Permissions