Java/Byte Verify [RESOLVED]


  • This topic is locked

#1
boomercj
  • Member
  • 122 posts
Good Morning Super Brains! :whistling:

First - this is not the computer from yesterday's post.

I can't use Ewido. I get a "No Disk" window with the option to Cancel, Try Again or Continue. Clicking any of those buttons is useless. Task Manager tells me that Ewido is not responding.

My AVG scan gives me 12 Java/Byte Verify and one Trojan Generic WGB which I cannot heal, delete or anything.

Adaware scan has several items identified. I will post the log if you require it.

CWShredder came up clean.

Edit -
There was another post from a member that appeared to have the same virus name. The advice was to download silent runner and scan. So I downloaded silent runner and scanned. I also have that log if required.

Here is my HJT log. (with the new and improved HJT!)


Logfile of HijackThis v1.99.1
Scan saved at 10:07:21 AM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\PPPATC~1\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\VipGeek\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....ink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {AAC018F7-D11A-CCCE-1E81-F05A67391B97} - C:\WINDOWS\system32\zdg.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F3 - REG:win.ini: load=E:\CDSETUP.EXE
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AAC018F7-D11A-CCCE-1E81-F05A67391B97} - C:\WINDOWS\system32\zdg.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [zumz] C:\PROGRA~1\COMMON~1\zumz\zumzm.exe
O4 - HKCU\..\Run: [Tvmsbi] C:\WINDOWS\system32\MBOLS~1\nopdb.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\PPPATC~1\alg.exe" -vt ndrv
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm070YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Cosmo Popup Blocker\TRReaderBar_.dll (file missing)
O9 - Extra 'Tools' menuitem: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Cosmo Popup Blocker\TRReaderBar_.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.2.2.89.cab
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBPOS Database Manager (QBPOSDBServices) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by boomercj, 26 August 2006 - 12:27 PM.


#2
Guest_Falu_*
  • Guest
Hi boomercj, :blink:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :whistling:

#3
boomercj
  • Topic Starter
  • Member
  • 122 posts
Thank you. This concerns my computer at home, so I will repost a new HJT log when I get home from work. Do you also want/need any other scans from silent runner, avg or anything else? I can't get ewido to run, although I haven't tried it in safe mode yet.

#4
boomercj
  • Topic Starter
  • Member
  • 122 posts
Good Evening.

New HJT log as requested.

Logfile of HijackThis v1.99.1
Scan saved at 5:27:40 PM, on 8/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\MBOLS~1\nopdb.exe
C:\WINDOWS\PPPATC~1\alg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\VipGeek\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....ink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {AAC018F7-D11A-CCCE-1E81-F05A67391B97} - C:\WINDOWS\system32\zdg.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F3 - REG:win.ini: load=E:\CDSETUP.EXE
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AAC018F7-D11A-CCCE-1E81-F05A67391B97} - C:\WINDOWS\system32\zdg.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [zumz] C:\PROGRA~1\COMMON~1\zumz\zumzm.exe
O4 - HKCU\..\Run: [Tvmsbi] C:\WINDOWS\system32\MBOLS~1\nopdb.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\PPPATC~1\alg.exe" -vt ndrv
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm070YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Cosmo Popup Blocker\TRReaderBar_.dll (file missing)
O9 - Extra 'Tools' menuitem: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Cosmo Popup Blocker\TRReaderBar_.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.2.2.89.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBPOS Database Manager (QBPOSDBServices) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#5
boomercj
  • Topic Starter
  • Member
  • 122 posts
Hello Falu,

It appears that we have half of a planet between us. I was going to post some other logs for you to look at so you could try to do this all at once rather than wait a day at a time, but I'm not sure what all of these files are and exactly what information I'm putting out for the world to see. Please let me know if you need anything else. I have an AdAware quarantine list from tonight, a Silent Runner log from a couple of nights ago, CWShredder says it found nothing. I did the fixsq and smitrem thing and that came up clean.

I can't run Ewido. I get an error window which reads: Windows-no disk. There are buttons for Cancel, Try Again and Continue. Naturally none of them lead to anything.

I tried and couldn't run Panda.

Thank you in advance. :whistling:

#6
Guest_Falu_*

Hi boomercj, :whistling:

Welcome to GeeksToGo Forums and thanks again for your patience.

It appears that we have half of a planet between us. I was going to post some other logs for you to look at so you could try to do this all at once rather than wait a day at a time, but I'm not sure what all of these files are and exactly what information


Yes we are far apart so there is a time difference but that will not stop us from solving the problems you have with your computer.

Since there is a lot to do let's start. I suggest you first read these instructions so you know what you're supposed to do.

1. You are running HijackThis from C:\VipGeek. HJT creates backups and we want them safe and secure should they be required later. For that reason I recommend to remove HijackThis to its own location. Create a folder on your C: drive: click Start > My Computer, open/double-click your C:\ drive, select New, next Folder and call it C:\hijackthis. Drag HijackThis into that folder!

2. We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

You may re-enable it again when your computer is clean; I will let you know!

3. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following programs if listed:

* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
* Search Assistant - My Way

I also see Viewpoint installed.
Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546
Additional info: http://vil.nai.com/v...nt/v_137262.htm
I suggest that from within Add/Remove you remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar

4. Please download Spybot Search & Destroy and AdAware.

Follow all the instructions on this website to run a scan with both of these softwares.

5. Run HijackThis, click Scan and checkmark the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {AAC018F7-D11A-CCCE-1E81-F05A67391B97} - C:\WINDOWS\system32\zdg.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F3 - REG:win.ini: load=E:\CDSETUP.EXE
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {AAC018F7-D11A-CCCE-1E81-F05A67391B97} - C:\WINDOWS\system32\zdg.dll (file missing)
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [zumz] C:\PROGRA~1\COMMON~1\zumz\zumzm.exe
O4 - HKCU\..\Run: [Tvmsbi] C:\WINDOWS\system32\MBOLS~1\nopdb.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\PPPATC~1\alg.exe" -vt ndrv
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm070YYUS
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O20 - AppInit_DLLs:


If you agreed to remove Viewpoint checkmark the following entries as well:

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

6. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following folders in bold if listed:

C:\Program Files\MyWebSearch
C:\PROGRA~1\COMMON~1\zumz << You will find it in PROGRAm Files\COMMON Files
C:\WINDOWS\system32\MBOLS~1<< The folder name will begin with MBOLS
C:\WINDOWS\PPPATC~1<< The folder name will begin with PPPATC
C:\Program Files\Ebates_MoeMoneyMaker

.......... and file in bold if listed:

C:\WINDOWS\system32\zdg.dll

Let me know if you had problems with this step.

7. Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please post a fresh HijackThis log and let me know how things are running now.

#7
boomercj

Hi!

I put HiJack This in the VIPGeek folder because that's where a previous tech (not from G2G) put a bunch of software. I just wanted to keep it all together!

When I get home tonight, I will proceed with your instructions. Thank you!

#8
boomercj

Let's see if I can remember everything....

I disabled Windows Defender

I moved HiJackThis to its own folder


* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
* Search Assistant - My Way


Only found My Web Search - Zinky

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar


Did not find the first line - Viewpoint.
Removed the other three

Downloaded and ran Spybot and AdAware

Ran a HJT scan.... but.....

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm070YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab


I didn't find the above entries in the HJT scan.
I didn't find any of the entries referring to Viewpoint

I didn't find these -

C:\Program Files\MyWebSearch
C:\PROGRA~1\COMMON~1\zumz << You will find it in PROGRAm Files\COMMON Files
C:\WINDOWS\system32\MBOLS~1<< The folder name will begin with MBOLS
C:\WINDOWS\PPPATC~1<< The folder name will begin with PPPATC
C:\Program Files\Ebates_MoeMoneyMaker

C:\WINDOWS\system32\zdg.dll


but I did a search for each of the files and only a cookie for MyWebSearch was found. I deleted it.

I downloaded and ran ATF Cleaner with no problems
I am going to turn Windows Defender back on because I'm sure the young folk in this house will be using the computer while I'm at the office tomorrow and I certainly don't want to be left unguarded! :blink:

Edit - Can you believe it? I reactivated Windows Defender and ran a scan immediately after I left this forum and it found a Trojan!! Targetsaver it was called. Deleted that bug right away! :whistling:


Here is the resulting HJT log

Logfile of HijackThis v1.99.1
Scan saved at 7:37:43 PM, on 8/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\VipGeek\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....ink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Cosmo Popup Blocker\TRReaderBar_.dll (file missing)
O9 - Extra 'Tools' menuitem: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Cosmo Popup Blocker\TRReaderBar_.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.2.2.89.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBPOS Database Manager (QBPOSDBServices) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by boomercj, 31 August 2006 - 07:16 PM.

  • 0
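A check for the situation in post #8, where the entries listed for fixing no longer show up in the fresh scan: this added example (not part of the thread and not HijackThis code) parses HijackThis log lines, reports which fix-list entries are still present in a later log, and lists the entries the log marks `(file missing)` or `(no file)`. The function and class names are hypothetical; the sample lines are excerpts copied from the logs posted above.

```python
import re
from dataclasses import dataclass

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when a registry entry points at a file that is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def key(self):
        # Case- and whitespace-insensitive identity of an entry within its section.
        return (self.section, " ".join(self.body.split()).casefold())

    @property
    def clsids(self):
        return frozenset(c.upper() for c in CLSID_RE.findall(self.body))

    @property
    def is_orphaned(self):
        return self.body.rstrip().endswith(ORPHAN_MARKERS)


def parse_hjt(text):
    """Return the entry lines of a log; header and 'Running processes' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def still_present(fix_text, fresh_text):
    """Fix-list entries that survive in a later log, with the reason for the match."""
    fresh = parse_hjt(fresh_text)
    fresh_keys = {e.key for e in fresh}
    fresh_clsids = set().union(*(e.clsids for e in fresh))
    hits = []
    for target in parse_hjt(fix_text):
        if target.key in fresh_keys:
            hits.append((target, "same entry"))
        elif target.clsids & fresh_clsids:
            # Same component id registered under another section or with a changed path.
            hits.append((target, "CLSID registered elsewhere"))
    return hits


def orphaned_entries(text):
    """Entries whose target file is reported missing (leftover registry references)."""
    return [e for e in parse_hjt(text) if e.is_orphaned]


# Excerpt of the fix list from post #6 (copied from the thread).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {AAC018F7-D11A-CCCE-1E81-F05A67391B97} - C:\WINDOWS\system32\zdg.dll (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {AAC018F7-D11A-CCCE-1E81-F05A67391B97} - C:\WINDOWS\system32\zdg.dll (file missing)
O4 - HKCU\..\Run: [zumz] C:\PROGRA~1\COMMON~1\zumz\zumzm.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"""

# Excerpt of the fresh log from post #8 (copied from the thread).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
"""

if __name__ == "__main__":
    for entry, reason in still_present(FIX_LIST, FRESH_LOG):
        print(f"STILL PRESENT ({reason}): {entry.section} - {entry.body}")
    for entry in orphaned_entries(FRESH_LOG):
        print(f"ORPHANED: {entry.section} - {entry.body}")
```

Matching on the CLSID as well as the full line catches a component that has re-registered under a different section or path, which a plain text comparison of the two logs would miss.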

#9
Guest_Falu_*

Hi boomercj, :whistling:

I put HiJack This in the VIPGeek folder because that's where a previous tech (not from G2G) put a bunch of software. I just wanted to keep it all together!


I understand and in fact it's okay but it's very important that we have the back-ups made by HijackThis before fixing anything in a safe place; the safest place is a specific HijackThis folder.

Your HijackThis log is as clean as can be, so that's good.

1. Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
2. You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 5.0 Update 8). Please update and remove the older versions. Do the following:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:
    Java Runtime Environment (JRE) 5.0 Update 8
Please post the Kaspersky report together with a fresh HijackThis log!

#10
boomercj

Hi again,

Below is the Kaspersky log and HJT log.

I've uninstalled the old Java and installed the new.

I discovered that I had only placed a shortcut to HJT in the HJT folder, so I had to cut and paste it from the VIPGeek folder to the HJT folder.

The computer is running nicely now. You eliminated the error messages at start up that the tech I paid couldn't get rid of! What a wonderful job you did!!! :help: :whistling:
Unfortunately Kaspersky says it found 35 viruses. :)
I did uninstall Viewpoint Media Player, but there is still a folder in Program Files. Should I delete that too? Here are the contents
[attachment=10514:attachment]

Once again, I can't thank you enough for your help. I will be home tomorrow, so I will try to respond to your posts more quickly.... after I mow the lawn, do the laundry, brush the dog etc. :blink:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, September 01, 2006 6:41:40 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/09/2006
Kaspersky Anti-Virus database records: 220099
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
K:\
M:\
N:\
O:\

Scan Statistics:
Total number of scanned objects: 107343
Number of viruses found: 35
Number of infected objects: 102 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:19:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-05062006-080456.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Support.com\profiles\Owner\triggers.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\thin_poker_installer[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\thin_poker_installer[1].exe/data0003 Infected: Trojan-Downloader.Win32.Agent.nj skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\thin_poker_installer[1].exe/data0004/data0001 Infected: Trojan-Downloader.Win32.Agent.om skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\thin_poker_installer[1].exe/data0004 Infected: Trojan-Downloader.Win32.Agent.om skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\thin_poker_installer[1].exe NSIS: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WZQJ0DI1\thin_poker[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WZQJ0DI1\thin_poker[1].exe/data0003 Infected: Trojan-Downloader.Win32.Agent.nj skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WZQJ0DI1\thin_poker[1].exe NSIS: infected - 2 skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CD7D4AA5-163C-44FE-B481-9FA0F8E4F45C} Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006090120060902\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\temp.frA827 Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFCD3F.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\AOL\ACS\US\forms.fdb Object is locked skipped
C:\Program Files\Common Files\AOL\ACS\US\static Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\data\My company\qbpos.db Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\data\My company\qbpos.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\data\My company\SvrMsgs20060901QBPR AT5QGAAC3Z my company.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\practice\Al's Sports Hut\qbpos.db Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\practice\Al's Sports Hut\qbpos.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\practice\Al's Sports Hut\SvrMsgs20060901QBPP AT5QGAAC3Z Al's Sports Hut.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP335\A0198512.exe Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP344\A0198659.exe Infected: not-a-virus:AdWare.Win32.PurityScan.a skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP345\A0198689.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP345\A0198691.dll Infected: not-a-virus:AdWare.Win32.DealHelper.j skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP345\A0198692.exe Infected: not-a-virus:AdWare.Win32.DealHelper.u skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP345\A0198693.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP356\A0198926.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP376\A0199717.exe Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP376\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199752.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199754.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199755.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199760.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199761.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199762.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199764.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199765.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199766.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.v skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199767.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199768.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199769.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199770.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199771.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199774.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199778.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199779.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199780.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199782.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199783.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP379\A0199874.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP379\A0199875.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP379\A0199879.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP379\A0199880.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP380\A0199898.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199932.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199932.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199932.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199933.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199933.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199933.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP383\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\greenuns.exe Infected: Trojan-Downloader.Win32.Vivia.y skipped
C:\WINDOWS\msnavpklog.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{574EC2E0-D08B-420B-82AF-6E5E791C4E4F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\ssqb.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\ssqb.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\ssqb.exe NSIS: infected - 2 skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\aisysUS.exe/data0002 Infected: Trojan-Downloader.Win32.Apropo.e skipped
C:\WINDOWS\system32\aisysUS.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\betterinternet.exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\WINDOWS\system32\betterinternet.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\broadcastpc.exe/data0002 Infected: not-a-virus:AdWare.Win32.Broadcap.a skipped
C:\WINDOWS\system32\broadcastpc.exe/data0003/data0002 Infected: not-a-virus:AdWare.Win32.Broadcap.a skipped
C:\WINDOWS\system32\broadcastpc.exe/data0003 Infected: not-a-virus:AdWare.Win32.Broadcap.a skipped
C:\WINDOWS\system32\broadcastpc.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dmvlite.exe Infected: not-a-virus:AdWare.Win32.EZula.ah skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\horoscope.exe/data0001 Infected: not-a-virus:AdWare.Win32.MDH.a skipped
C:\WINDOWS\system32\horoscope.exe AWInstall: infected - 1 skipped
C:\WINDOWS\system32\horoscope.exe UPX: infected - 1 skipped
C:\WINDOWS\system32\mipch.exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\WINDOWS\system32\mipch.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\mssysapps\betterinternet.exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\WINDOWS\system32\mssysapps\betterinternet.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\pdfgk.exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\WINDOWS\system32\pdfgk.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\qjcfx.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\qjcfx.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\qjcfx.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\qjcfx.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\qjcfx.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\qjcfx.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\vertone.exe/data0002 Infected: Trojan-Downloader.Win32.Envolo.b skipped
C:\WINDOWS\system32\vertone.exe/data0004 Infected: Trojan-Downloader.Win32.Envolo.c skipped
C:\WINDOWS\system32\vertone.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\webrebates_installas.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\webrebates_installas.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\webrebates_installas.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\webrebates_installas.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\webrebates_installas.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\webrebates_installas.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\wrxuao.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\wrxuao.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\wrxuao.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\wrxuao.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\wrxuao.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\wrxuao.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\wtta.exe Infected: not-a-virus:AdWare.Win32.PurityScan.v skipped
C:\WINDOWS\temp\asat0000.tmp Object is locked skipped
C:\WINDOWS\temp\asat0001.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\woinstall.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
C:\WINDOWS\woinstall.exe WiseSFX: infected - 1 skipped
C:\WINDOWS\ΑppPatch\alg.exe Object is locked skipped
D:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP383\change.log Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 8:37:09 PM, on 9/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....ink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Cosmo Popup Blocker\TRReaderBar_.dll (file missing)
O9 - Extra 'Tools' menuitem: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Cosmo Popup Blocker\TRReaderBar_.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.2.2.89.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBPOS Database Manager (QBPOSDBServices) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#11
Guest_Falu_*

Hi boomercj, :whistling:

The computer is running nicely now. You eliminated the error messages at start up that the tech I paid couldn't get rid of! What a wonderful job you did!!!


That's good to hear and ... you're very welcome.

I did uninstall Viewpoint Media Player, but there is still a folder in Program Files. Should I delete that too?


Yes you may.

Unfortunately Kaspersky says it found 35 viruses.


So it did what we wanted it to do: find the bad guys and delete them.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following files in bold if listed:

C:\WINDOWS\greenuns.exe
C:\WINDOWS\ssqb.exe
C:\WINDOWS\system32\aisysUS.exe
C:\WINDOWS\system32\betterinternet.exe
C:\WINDOWS\system32\broadcastpc.exe
C:\WINDOWS\system32\dmvlite.exe
C:\WINDOWS\system32\horoscope.exe
C:\WINDOWS\system32\mipch.exe
C:\WINDOWS\system32\mssysapps\betterinternet.exe
C:\WINDOWS\system32\mssysapps\webrebates.exe
C:\WINDOWS\system32\pdfgk.exe
C:\WINDOWS\system32\qjcfx.exe
C:\WINDOWS\system32\vertone.exe
C:\WINDOWS\system32\webrebates_installas.exe
C:\WINDOWS\system32\wrxuao.exe
C:\WINDOWS\system32\wtta.exe
C:\WINDOWS\woinstall.exe

Let me know if you had problems with this step.

As a last check up please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Please post the ActiveScan report for review.

#12
boomercj

Good Afternoon, or really Good Evening!

I messed up somewhere. But first things first.

I deleted the Viewpoint Folder in Program Files.

I deleted the following:

C:\WINDOWS\greenuns.exe
C:\WINDOWS\ssqb.exe
C:\WINDOWS\system32\aisysUS.exe
C:\WINDOWS\system32\betterinternet.exe
C:\WINDOWS\system32\broadcastpc.exe
C:\WINDOWS\system32\dmvlite.exe
C:\WINDOWS\system32\horoscope.exe
C:\WINDOWS\system32\mipch.exe
C:\WINDOWS\system32\mssysapps\betterinternet.exe
C:\WINDOWS\system32\mssysapps\webrebates.exe
C:\WINDOWS\system32\pdfgk.exe
C:\WINDOWS\system32\qjcfx.exe
C:\WINDOWS\system32\vertone.exe
C:\WINDOWS\system32\webrebates_installas.exe
C:\WINDOWS\system32\wrxuao.exe
C:\WINDOWS\system32\wtta.exe
C:\WINDOWS\woinstall.exe


Now for Panda....

When I got to the website and clicked the scan now button, nothing happened. So I went to the left side of the web page and clicked on download a trial version. That worked and after much form filling and clicking I was able to run a scan, but I don't think it's the one you are looking for:

Panda Antivirus 2007 incident report

EVENT DATE RESULTS ADDITIONAL INFORMATION
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan completed 09/02/06 11:35:34 Scan: All My Computer
Adware detected: Adware/PurityScan 09/02/06 11:33:45 Eliminated Location: C:\WINDOWS\?ppPatch\alg.exe
Virus detected: Trj/Qhost.gen 09/02/06 11:32:25 Disinfected Location: C:\WINDOWS\system32\drivers\etc\hosts.bak
Virus detected: Trj/Qhost.gen 09/02/06 11:20:37 Notified Location: C:\Program Files\support.com\backup\ho\hosts.bak\6392_547d9b43f_[hosts.bak]
Spyware detected: Cookie/Azjmp 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Adrevolver 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/PointRoll 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Advertising 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Traffic Marketplace 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Azjmp 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/2o7 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/RealMedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Mediaplex 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Advertising 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/FastClick 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Traffic Marketplace 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Statcounter 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Atlas DMT 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/cs.sexcounter 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Traffic Marketplace 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/PointRoll 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Statcounter 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Server.iad.Liveperson 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[87229457]
Spyware detected: Cookie/PointRoll 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Overture 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Overture 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/PointRoll 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/RealMedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Serving-sys 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Serving-sys 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/2o7 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/BurstNet 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Overture 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/RealMedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Serving-sys 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Overture 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/DomainSponsor 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Doubleclick 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Overture 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Traffic Marketplace 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/RealMedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/RealMedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/WebtrendsLive 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Tribalfusion 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Tribalfusion 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Statcounter 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/cs.sexcounter 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/RealMedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Overture 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Statcounter 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Traffic Marketplace 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Traffic Marketplace 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/WUpd 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Mediaplex 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Humanclick 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[69744647]
Spyware detected: Cookie/Advertising 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/RealMedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/SexList 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Advertising 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Atlas DMT 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/CentrPort 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Statcounter 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Searchportal 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Falkag 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Mediaplex 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Com.com 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Valueclick 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/FastClick 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/FastClick 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Advertising 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Advertising 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Traffic Marketplace 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Overture 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/WebtrendsLive 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[dcszp7e1v10000omp5r9bmtnv_1o4g]
Spyware detected: Cookie/Coremetrics 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Humanclick 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Bfast 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Go 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Xiti 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/PointRoll 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/PointRoll 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Advertising 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Advertising 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/CentrPort 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Server.iad.Liveperson 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Hitbox 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Server.iad.Liveperson 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[87229457]
Spyware detected: Cookie/PointRoll 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Serving-sys 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Advertising 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Tribalfusion 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/PointRoll 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Azjmp 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Hitbox 09/02/06 11:20:32 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Doubleclick 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/FastClick 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/2o7 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Advertising 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/PointRoll 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Statcounter 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/FastClick 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Tribalfusion 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Falkag 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Maxserving 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Falkag 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Falkag 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/FastClick 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/QuestionMarket 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Falkag 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/PointRoll 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/FastClick 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Doubleclick 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/FastClick 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/YieldManager 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/BurstNet 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Com.com 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Falkag 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Zedo 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/WUpd 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/2o7 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Tribalfusion 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Casalemedia 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Falkag 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Valueclick 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Hitbox 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_[]
Spyware detected: Cookie/Tribalfusion 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Atlas DMT 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]

#13
boomercj

I missed some the first time around....... Also, I think I couldn't run the scan from the web site because I reactivated Windows Defender the other night because I knew the young people in the house would be online while I was at work. I forgot to turn it off before I started this morning. :whistling:

Spyware detected: Cookie/Tribalfusion 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_[]
Spyware detected: Cookie/Atlas DMT 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Spyware detected: Cookie/Advertising 09/02/06 11:20:31 Notified Location: C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_[]
Tracking program detected: Application/KillApp.B 09/02/06 11:04:34 Eliminated Location: C:\hp\bin\KillIt.exe
Tracking program detected: Application/HideWindow.A 09/02/06 11:04:34 Eliminated Location: C:\hp\bin\FondleWindow.exe
Update 09/02/06 11:00:29 OK New threat signatures: 0
Tracking program detected: application/funweb 09/02/06 11:00:01 Eliminated Location: C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
Tracking program detected: Application/Processor 09/02/06 10:59:41 Eliminated Location: C:\Documents...\smitRem.exe[Process.exe]
Spyware detected: Spyware/7r7t 09/02/06 09:25:49 Eliminated Location: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WZQJ0DI1\thin_poker[1].exe
Spyware detected: Spyware/7r7t 09/02/06 09:25:49 Eliminated Location: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WZQJ0DI1\thin_poker_installerv34[1].exe
Spyware detected: Spyware/7r7t 09/02/06 09:25:45 Eliminated Location: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WFGC0GOJ\thin_poker_installerV34[1].exe
Spyware detected: Spyware/7r7t 09/02/06 09:25:40 Eliminated Location: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\thin_poker_installer[1].exe
Adware detected: Adware/Beginto 09/02/06 09:25:40 Eliminated Location: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\sp[1].js
Spyware detected: Spyware/7r7t 09/02/06 09:25:32 Eliminated Location: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PQJSCVNZ\thin_poker_installerV34[2].exe
Spyware detected: Cookie/888 09/02/06 09:25:25 Eliminated Location: C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
Spyware detected: Cookie/BetterInet 09/02/06 09:25:25 Eliminated Location: C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
Spyware detected: Cookie/Belnk 09/02/06 09:25:25 Eliminated Location: C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
Spyware detected: Cookie/Cassava 09/02/06 09:25:25 Eliminated Location: C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
Spyware detected: Cookie/Belnk 09/02/06 09:25:25 Eliminated Location: C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
Spyware detected: Cookie/OfferOptimizer 09/02/06 09:25:25 Eliminated Location: C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
Spyware detected: Cookie/Transponder 09/02/06 09:25:25 Eliminated Location: C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
Spyware detected: Cookie/Twain-Tech 09/02/06 09:25:25 Eliminated Location: C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
Spyware detected: Cookie/888 09/02/06 09:25:24 Eliminated Location: C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
Adware detected: adware/wintools 09/02/06 09:24:30 Eliminated Location: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{339BB23F-A864-48C0-A59F-29EA915965EC}
Adware detected: adware/topmoxie 09/02/06 09:24:30 Eliminated Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4f47-8E16-9A5F3A62F683}
Tracking program detected: application/mywebsearch 09/02/06 09:24:27 Eliminated Location: {07B18EA1-A523-4961-B6BB-170DE4475CCA}
Adware detected: adware/transponder 09/02/06 09:24:21 Eliminated Location: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ABI-1
Adware detected: adware/sidesearch 09/02/06 09:24:20 Eliminated Location: C:\Documents and Settings\Owner\Application Data\Lycos
Dialer detected: dialer.su 09/02/06 09:24:20 Eliminated Location: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SWITCH
Adware detected: adware/beginto 09/02/06 09:24:19 Eliminated Location: C:\WINDOWS\SYSTEM32\cache32_rtneg
Adware detected: adware/dealhelper 09/02/06 09:24:16 Eliminated Location: C:\WINDOWS\dsearch1.bin
Adware detected: adware/broadcastpc 09/02/06 09:24:15 Eliminated Location: C:\PROGRAM FILES\COMMON FILES\JAVA\bcre.exe
Adware detected: adware/delfinmedia 09/02/06 09:24:15 Eliminated Location: C:\keys.ini
Tracking program detected: application/funweb 09/02/06 09:24:14 Eliminated Location: C:\WINDOWS...\f3initialsetup1.0.0.15.inf
Scan started 09/02/06 09:23:07 Scan: All My Computer
Adware detected: adware/twain-tech 09/02/06 09:22:18 Eliminated Location: C:\WINDOWS\SYSTEM32\polall1m.exe
Update 09/02/06 09:21:45 OK Identifiers of alteration of archives
Update 09/02/06 09:21:38 OK New threat signatures: 14780

#14
boomercj

I was right, it was Windows Defender that interfered with the online Panda scan. I'm running that scan now.

#15
boomercj

This is the Active Ware scan.

I goofed up before, sorry. :whistling:

Incident Status Location

Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.hitbox.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.doubleclick.net/]
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.centrport.net/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][servedby.advertising.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][server.iad.liveperson.net/hc/87229457]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.atdmt.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.perf.overture.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.ads.pointroll.com/]
Spyware:Cookie/Xiti Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.xiti.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.statcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.2o7.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.mediaplex.com/]
Spyware:Cookie/Com.com Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.com.com/]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.as-eu.falkag.net/]
Spyware:Cookie/WUpd Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][searchportal.information.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.tribalfusion.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.valueclick.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.fastclick.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][.maxserving.com/]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\14190_5ff3d7be5_.vir[cookies.txt][sel.as-eu.falkag.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.questionmarket.com/]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.fastclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.as-us.falkag.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.advertising.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.adrevolver.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][ad.yieldmanager.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.azjmp.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.overture.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.mediaplex.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.serving-sys.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.perf.overture.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][statse.webtrendslive.com/dcszp7e1v10000omp5r9bmtnv_1o4g]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][statse.webtrendslive.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.statcounter.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][data.coremetrics.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.cs.sexcounter.com/]
Spyware:Cookie/SexList Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.sexlist.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][hc2.humanclick.com/hc/69744647]
Spyware:Cookie/Bfast Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][.bfast.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\28584_50513a391_.vir[cookies.txt][landing.domainsponsor.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.hitbox.com/]
Spyware:Cookie/WUpd Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.revenue.net/]
Spyware:Cookie/Go Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.go.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.atdmt.com/]
Spyware:Cookie/Zedo Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.zedo.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.overture.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.tribalfusion.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.perf.overture.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.2o7.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\8578_5d8c7d835_.vir[cookies.txt][.burstnet.com/]
Virus:Trj/Qhost.gen Not disinfected C:\Program Files\support.com\backup\ho\hosts.bak\6392_547d9b43f_.vir[hosts.bak]