Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow computer - suspicion of trojans [RESOLVED]


  • This topic is locked This topic is locked

#1
Slowest_Computer_Ever

Slowest_Computer_Ever

    New Member

  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:42:33 PM, on 9/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sprint DSL virtual assistant\bin\SprintVirtualAssistant.exe
C:\PROGRA~1\HEWLET~1\hpis\common\MOTIVE~1.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\jackie.COMPUTER\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\Dealio.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\Dealio.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Sprint virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...75/mcinsctl.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://aerial.leepa....plugins/ncs.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.budd...llInstaller.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, Slowest_Computer_Ever. :whistling:

Welcome to Geeks to go.

There is the presence of a trojan in your running processes.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly in Safe Mode.

Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Perform the following steps in safe mode:

IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido .
Restart back into Windows normally now.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post a fresh Hijackthis log along with the Ewido and ActiveScan reports.
  • 0

#3
Slowest_Computer_Ever

Slowest_Computer_Ever

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
First of all, thank you so much for your help so far.

It looks as though I still got some malware lurking around somewhere though...

Anyway, here are the reports.


The Ewido Anti-Spyware Report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:26:41 PM 9/19/2006

+ Scan result:



C:\Program Files\Enigma Software Group\SpyHunter\Backup\webhdll.dll.dat/Documents and Settings/Nick/Local Settings/Temp/WZS4.tmp/Webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Jackie\Local Settings\Temporary Internet Files\Content.IE5\UPV4LCR2\wayb_ao[1].exe -> Downloader.Swizzor.d : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP434\A0092365.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP441\A0096059.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP441\A0096823.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP447\A0099909.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP447\A0099948.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP455\A0101278.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP477\A0104489.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\jackie.COMPUTER\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTYZ8DUZ\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\jackie.COMPUTER\Local Settings\Temp\Temporary Internet Files\Content.IE5\WZ1BYI7L\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\jackie.COMPUTER\Local Settings\Temp\Temporary Internet Files\Content.IE5\WZ1BYI7L\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Local Settings\Temporary Internet Files\Content.IE5\O1M7SP6R\functions[1].js -> Not-A-Virus.Exploit.IframeJS : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\jackie.COMPUTER\Application Data\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\jackie.COMPUTER\Application Data\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\jackie.COMPUTER\Application Data\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\jackie.COMPUTER\Application Data\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Counted : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\jackie.COMPUTER\Application Data\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected]e-2dj6wjk4aldzelq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected]groupernetworks.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\jackie.COMPUTER\Application Data\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\jackie.COMPUTER\Application Data\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\jackie.COMPUTER\Application Data\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\jackie.COMPUTER\Application Data\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\jackie.COMPUTER\Application Data\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\jackie.COMPUTER\Application Data\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\trav\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end


Panda Active Scan Report:



Incident Status Location

Adware:adware/comet Not disinfected c:\windows\inf\dm.inf
Adware:adware program Not disinfected c:\windows\ss3unstl.exe
Adware:adware/buddylinks Not disinfected
c:\programfiles\commonfiles\PSDTools
Adware:adware/downloadware Not disinfected
c:\programfiles\MedCh
Potentially unwanted tool:application/mywebsearch Not disinfected c:\programfiles\MyWebSearch
Spyware:spyware/searchcentrix Not disinfected
WindowsRegistry
Spyware:Cookie/Atwola Not disinfected
C:\Documents and Settings\jackie.COMPUTER\ApplicationData\Mozilla\Firefox\Profiles\ipoghig3.default\cookies.txt.atwola.com/]
Spyware:Cookie/2o7 Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/YieldManager Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Adrevolver Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/Adrevolver Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/PointRoll Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Advertising Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Atlas DMT Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Atwola Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/Bfast Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/Bilbo.counted Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Bluestreak Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/BurstNet Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Casalemedia Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Doubleclick Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/FastClick Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Hitbox Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/Mediaplex Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/QuestionMarket Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/RealMedia Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/Statcounter Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/WebtrendsLive Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Traffic Marketplace Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Tribalfusion Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/BurstBeacon Not disinfected
C:\Documents and Settings\jackie.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/Go Not disinfected
C:\Documents and Settings\Nick\Cookies\[email protected][2].txt

Spyware:Cookie/Adrevolver Not disinfected
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Belnk Not disinfected
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/Atwola Not disinfected
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Belnk Not disinfected
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Belnk Not disinfected
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/Go Not disinfected
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Maxserving Not disinfected
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Qsrch Not disinfected
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/RealMedia Not disinfected
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/Rightmedia Not disinfected
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][2].txt

Spyware:Cookie/Tickle Not disinfected
C:\Documents and Settings\nick.COMPUTER\Cookies\[email protected][1].txt

Spyware:Cookie/Apmebf Not disinfected
C:\Documents and Settings\trav\Cookies\[email protected][2].txt

Spyware:Cookie/Atwola Not disinfected
C:\Documents and Settings\trav\Cookies\[email protected][1].txt

Spyware:Cookie/bravenetA Not disinfected
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat[Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt]

Spyware:Cookie/Belnk Not disinfected
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat[Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt]

Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat[Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt]

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat[Documents and Settings/jackie.COMPUTER/Cookies/[email protected][1].txt]

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat[Documents and Settings/jackie.COMPUTER/Cookies/[email protected][2].txt]

Adware:Adware/WebHancer Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\whagent.inf.dat[Documents and Settings/Nick/Local Settings/Temp/WZS4.tmp/whAgent.inf]

Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 7:16:47 AM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WService.EXE
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Program Files\America Online 9.0e\waol.exe
C:\Program Files\America Online 9.0e\shellmon.exe
C:\Program Files\America Online 9.0e\aolwbspd.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\jackie.COMPUTER\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\Dealio.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\Dealio.dll
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Sprint virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...75/mcinsctl.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://aerial.leepa....plugins/ncs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.budd...llInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76131B35-7AB7-4DFE-B3C9-77515FBA0DD3}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
  • 0

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, Slowest_Computer_Ever :whistling:

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\Dealio.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\Dealio.dll
O4 - HKLM\..\Run: [WService] WService.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\Dealio.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://aerial.leepa....plugins/ncs.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.budd...llInstaller.cab


Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Dealio
Viewpoint Manager
Viewpoint Toolbar
Viewpoint Media player


Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Dealio
C:\Program Files\Viewpoint
c:\Program Files\commonfiles\PSDTools
c:\Program Files\MedCh
c:\Program Files\MyWebSearch
c:\programfiles\commonfiles\PSDTools
c:\programfiles\MedCh
c:\programfiles\MyWebSearch


Note: Seems that you have two Program Files folders????

Run Killbox.exe. Paste the following locations into Killbox one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click no...and proceed with the next file. Once you get to the last one click YES and it will reboot.

c:\windows\inf\dm.inf

c:\windows\ss3unstl.exe

C:\Program Files\Enigma Software Group\SpyHunter\Backup\whagent.inf.dat

C:\Documents and Settings/Nick/Local Settings/Temp/WZS4.tmp/whAgent.inf

C:\Windows\System32\WService.EXE


Post a fresh Hijackthis log after a reboot and let me know how is the comuter doing.

Edited by JSntgRvr, 23 September 2006 - 01:51 PM.

  • 0

#5
Slowest_Computer_Ever

Slowest_Computer_Ever

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ah, yes...I believe there are two program files because my brother was trying to reinstall Windows XP and accidentally partitioned the hard drive so I now have the two Windows XPs on my computer. Of course, the older XP is no longer accessible, but I am able to delete some of its files using the Spybot S&D Secure Shredder.

Do you know of any way to just delete my other "version" of Windows entirely...without reinstalling Windows? I know you guys focus on malware removal, so I didn't want to bother you with that question but now it seems to be interfering with the process...

As a result of my brother's mishap, I was unable to complete this part of your instructions:

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):
C:\Program Files\Dealio
c:\programfiles\commonfiles\PSDTools
c:\programfiles\MedCh
c:\programfiles\MyWebSearch


You may be wondering why I didn't delete the Dealio file...

That is because when I went to do this:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Dealio


....I got a message saying that the system could not remove Dealio while in safe mode, though I could remove all of the viewpoint files.

Should I try to remove Dealio in the same way but in normal operation?

I suppose I could've deleted the Dealio file in the program files...but I wanted to check with you first, because I didn't want to do anything out of order.


Anyway, here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 6:46:21 PM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jackie.COMPUTER\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Sprint virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...75/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe


As always, I really appreciate the help. :whistling:
  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, Slowest_Computer_Ever :whistling:

Should I try to remove Dealio in the same way but in normal operation?

I suppose I could've deleted the Dealio file in the program files...but I wanted to check with you first, because I didn't want to do anything out of order.


Yes, remove the program in Normal Mode.

The log looks clear. How is the computer doing?
  • 0

#7
Slowest_Computer_Ever

Slowest_Computer_Ever

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hmm...
I go to remove the program in normal mode, but it seems to stop at "gathering required information". And by "stop" I mean it just goes away like it normally does, but unlike the normal uninstallation process, the program remains in my list of programs.


Other than that...the computer seems great! :whistling:
  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, Slowest_Computer_Ever :whistling:

1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

[Search]
Dealio

[Exclude]

[Options]
Filter=KVDLUI



2. Download Registry Search to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.

  • 0

#9
Slowest_Computer_Ever

Slowest_Computer_Ever

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 9/23/2006 7:55:23 PM for strings:
; 'dealio'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C00A371-2011-4AF3-97C8-6CE66AA744CB}]
@="DealioSearch Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C00A371-2011-4AF3-97C8-6CE66AA744CB}\InprocServer32]
@="C:\\Program Files\\Dealio\\Dealio.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C00A371-2011-4AF3-97C8-6CE66AA744CB}\ProgID]
@="Dealio.DealioSearch.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C00A371-2011-4AF3-97C8-6CE66AA744CB}\VersionIndependentProgID]
@="Dealio.DealioSearch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C4C24D0-28B6-4B6B-B70F-E09848367F10}]
@="Dealio"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C4C24D0-28B6-4B6B-B70F-E09848367F10}\InprocServer32]
@="C:\\Program Files\\Dealio\\Dealio.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C4C24D0-28B6-4B6B-B70F-E09848367F10}\ProgID]
@="Dealio.CDealioSidebar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C4C24D0-28B6-4B6B-B70F-E09848367F10}\VersionIndependentProgID]
@="Dealio.CDealioSidebar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F038672-0425-4792-BC9C-36DE3308E8AA}]
@="DealioToolbarHelper Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F038672-0425-4792-BC9C-36DE3308E8AA}\InprocServer32]
@="C:\\Program Files\\Dealio\\Dealio.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F038672-0425-4792-BC9C-36DE3308E8AA}\ProgID]
@="Dealio.DealioToolbarHelper.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F038672-0425-4792-BC9C-36DE3308E8AA}\VersionIndependentProgID]
@="Dealio.DealioToolbarHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A980F531-6440-4E4E-9A40-339E2DB46F6E}]
@="DealioJSHelper Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A980F531-6440-4E4E-9A40-339E2DB46F6E}\InprocServer32]
@="C:\\Program Files\\Dealio\\Dealio.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A980F531-6440-4E4E-9A40-339E2DB46F6E}\ProgID]
@="Dealio.DealioJSHelper.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A980F531-6440-4E4E-9A40-339E2DB46F6E}\VersionIndependentProgID]
@="Dealio.DealioJSHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}]
@="Dealio"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\InprocServer32]
@="C:\\Program Files\\Dealio\\Dealio.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ProgID]
@="Dealio.DealioToolbar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\VersionIndependentProgID]
@="Dealio.DealioToolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.CDealioSidebar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.CDealioSidebar]
@="Dealio"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.CDealioSidebar\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.CDealioSidebar\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.CDealioSidebar\CurVer]
@="Dealio.CDealioSidebar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.CDealioSidebar.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.CDealioSidebar.1]
@="Dealio"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.CDealioSidebar.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioBHO]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioBHO]
@="DealioBHO Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioBHO\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioBHO\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioBHO\CurVer]
@="Dealio.DealioBHO.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioBHO.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioBHO.1]
@="DealioBHO Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioBHO.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioJSHelper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioJSHelper]
@="DealioJSHelper Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioJSHelper\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioJSHelper\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioJSHelper\CurVer]
@="Dealio.DealioJSHelper.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioJSHelper.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioJSHelper.1]
@="DealioJSHelper Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioJSHelper.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioSearch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioSearch]
@="DealioSearch Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioSearch\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioSearch\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioSearch\CurVer]
@="Dealio.DealioSearch.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioSearch.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioSearch.1]
@="DealioSearch Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioSearch.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbar]
@="Dealio"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbar\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbar\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbar\CurVer]
@="Dealio.DealioToolbar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbar.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbar.1]
@="Dealio"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbar.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbarHelper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbarHelper]
@="DealioToolbarHelper Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbarHelper\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbarHelper\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbarHelper\CurVer]
@="Dealio.DealioToolbarHelper.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbarHelper.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbarHelper.1]
@="DealioToolbarHelper Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealio.DealioToolbarHelper.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\3DA8FE1A3D975EE49BA664ECC1E5C01C]
"Dealio"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3DA8FE1A3D975EE49BA664ECC1E5C01C]
"ProductName"="Dealio Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3DA8FE1A3D975EE49BA664ECC1E5C01C\SourceList]
"PackageName"="Dealio Toolbar.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03C390E8-B836-4B82-8D56-1BFDDC06AE8A}]
@="IDealioToolbarHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C4470A2-E099-4B9E-ABFE-BBA56D046AFD}]
@="IDealioToolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37CA468A-E8A4-4691-97A7-E87011264309}]
@="IDealioSidebar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39AEF150-C270-4690-AE7D-955E51BC8960}]
@="IDealioBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CD73B1AB-3403-4E47-B196-517C57BE76A2}]
@="IDealioJSHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4C1E5902-FE99-4591-8582-2A2605462857}\1.0]
@="Dealio 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4C1E5902-FE99-4591-8582-2A2605462857}\1.0\0\win32]
@="C:\\Program Files\\Dealio\\Dealio.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4C1E5902-FE99-4591-8582-2A2605462857}\1.0\HELPDIR]
@="C:\\Program Files\\Dealio\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio]
"installDir"="C:\\Program Files\\Dealio\\"
"serverURL"="http://srch.dealio.c...om/cgi/api.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.109]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.109]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.109.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.155]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.155]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.155.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.156]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.156]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.156.12"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.178]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.178]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.178.8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.188]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.188]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.188.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.189]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.189]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.189.12"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.196]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.196]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.196.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.198]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.198]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.198.12"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.199]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.199]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.199.12"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.200]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.200.12"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.201]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.201]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.201.12"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.203]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.203]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.203.12"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.205]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.205]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.205.12"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.214]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.214]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.214.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.215]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.215]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.215.17"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.216]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.216.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.217]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.217]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.217.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.218]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.218]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.218.17"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.219]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.219]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.219.18"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.220]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.220]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.220.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.221]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.221]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.221.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.222]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.222]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.222.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.223]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.223]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.223.18"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.226]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.226]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.226.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.227]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.227]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.227.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.228]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.228]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.228.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.229]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.229]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.229.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.24]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.24.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.28]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.28]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.28.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.34]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.34.13"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.49]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.49.9"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.50]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.50.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.51]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.51.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.52]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.52.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.53]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.53.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.54]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.54.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.55]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.55.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.56]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.56.8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.57]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.57.8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.58]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.58]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.58.8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.66]

[HKEY_LOCAL_MACHINE\SOFTWARE\Dealio\rules\v19\1.66]
"file"="C:\\Program Files\\Dealio\\rules\\rules.1.66.13"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{5C4C24D0-28B6-4B6B-B70F-E09848367F10}]
"Name"="Dealio"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\au]
"item"="DealioAu"
"command"="\"C:\\Program Files\\Dealio\\DealioAu.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio\\"="1"
"C:\\Program Files\\Dealio\\res\\"="1"
"C:\\Program Files\\Dealio\\rules\\"="1"
"C:\\Program Files\\Dealio\\temp\\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C8E9FC9E9BC1E94887DBFDB39770250]
"3DA8FE1A3D975EE49BA664ECC1E5C01C"="C:\\Program Files\\Dealio\\Services.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14EEC1D38913B8C41922211853E57A92]
"3DA8FE1A3D975EE49BA664ECC1E5C01C"="01:\\SOFTWARE\\Dealio\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DFCD0C7D58388F44B7CC74804801DF0]
"3DA8FE1A3D975EE49BA664ECC1E5C01C"="C:\\Program Files\\Dealio\\Dealio.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C045F4064130EC419270C7E92EFCDC8]
"3DA8FE1A3D975EE49BA664ECC1E5C01C"="02:\\SOFTWARE\\Dealio\\installDir"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34725F572C764614F9FFDCBCCA6DAFD8]
"3DA8FE1A3D975EE49BA664ECC1E5C01C"="C:\\Program Files\\Dealio\\DealioAU.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\36393D9D35F3CE64D8E556D7620BE5E9]
"3DA8FE1A3D975EE49BA664ECC1E5C01C"="C:\\Program Files\\Dealio\\res\\as_sidebar.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\680E930280C5C764A9A7A5D037D6FAB9]
"3DA8FE1A3D975EE49BA664ECC1E5C01C"="C:\\Program Files\\Dealio\\rules\\rules.1.156.12"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E2D3CAAC9527B43BD161A990730570]
"3DA8FE1A3D975EE49BA664ECC1E5C01C"="C:\\Program Files\\Dealio\\temp\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DA8FE1A3D975EE49BA664ECC1E5C01C\Features]
"Dealio"="x0k!oCFUl=LhbAPQ_QuZ=HHF-ONZ`=O*[email protected]'Tc0&Z-5HF``[email protected]%]tU_7u_*[@p2)QQ3RxH1SL$[email protected]~fWAPpJYRQa**(S-PvMM_M$9b)fRj08g^U{&NZ$[email protected]%.5QseJ7?U?.23Va=hl={cFHSN{E4KiIKNZirGh?BL0(fX%(`$+9X0rvYwU?9niAKTXGjiWv}30f.~&@[email protected]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DA8FE1A3D975EE49BA664ECC1E5C01C\InstallProperties]
"DisplayName"="Dealio Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1EF8AD3-79D3-4EE5-B96A-46CE1C5E0CC1}]
"DisplayName"="Dealio Toolbar"

[HKEY_USERS\S-1-5-21-1547161642-1202660629-1801674531-1004\Software\Dealio]

[HKEY_USERS\S-1-5-21-1547161642-1202660629-1801674531-1004\Software\Dealio\history]

[HKEY_USERS\S-1-5-21-1547161642-1202660629-1801674531-1004\Software\Dealio\preferences]

; End Of The Log...
  • 0

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, Slowest_Computer_Ever :whistling:

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Download the enclosed file: [attachment=10847:attachment]
Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg . Once extracted, open the folder and double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Dealio

Restart the computer. Let me know how it goes and how is the computer doing.
  • 0

#11
Slowest_Computer_Ever

Slowest_Computer_Ever

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Everything seem to be in working order. :whistling:

"Dealio Toolbar" is still on the add or remove programs list, but the icon looks different, and it has no file size.
  • 0

#12
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, Slowest_Computer_Ever. :blink:

I don't believe it will bother you anymore. The Registry fix was suppose to eliminate all instannces of Dealio.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK..

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Glad I could help. :whistling: Best wishes!
  • 0

#13
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP