WinAntiVirusPro infection + logs



#1
Carter17 (Member, 16 posts)
I have recently been having problems with something called WinAntiVirusPro, constantly popping up and asking to download.
Now I can't open any file (for example My Documents), but I can open applications from my Start menu.
A minute ago the icons on my desktop seemed to be flashing, but that seems to have stopped.

Last night I ran an ewido scan, but that didn't seem to fix the problem at hand.
I ran a CleanUP! which cleared 1.2GB of files.
The VundoFix came up with nothing infected,
and I did a SmitfraudFix scan (log listed after the HijackThis log).

Then finally, here is a new HijackThis log.
Please help, thanks a lot.


Logfile of HijackThis v1.99.1
Scan saved at 3:24:07 PM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\1138502816\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunes.exe
c:\docume~1\carter\mydocu~1\firefox\firefox.exe
C:\Documents and Settings\Carter\My Documents\FIREFOX\firefox.exe
C:\Documents and Settings\Carter\Desktop\my downloads\VundoFix.exe
C:\Program Files\WinAce\winace.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe
C:\High J T\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCA%7E1%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Carter\Application Data\Mozilla\Profiles\default\kc5ktxrv.slt\prefs.js)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138502816\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZS
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1097378250562
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe










SmitFraudFix v2.104

Scan done at 15:21:15.34, Sun 10/01/2006
Run from C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Carter


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Carter\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Carter\FAVORI~1

C:\DOCUME~1\Carter\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


#2
Carter17 (Topic Starter, Member, 16 posts)
OK, well, I waited a bit and now I can open up folders.
I also seem to be receiving pop-up ads for websites like partypoker.

#3
loophole (Malware Expert, Retired Staff, 9,798 posts)
Hi

Right click Hijackthis.exe and rename it to HJT.exe

Rescan with HJT and post a new log

Thanks

#4
Carter17 (Topic Starter, Member, 16 posts)
OK, I renamed it; here is the new scan.

Logfile of HijackThis v1.99.1
Scan saved at 4:04:32 PM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\1138502816\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lexpps.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Carter\My Documents\FIREFOX\firefox.exe
C:\High J T\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCA%7E1%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Carter\Application Data\Mozilla\Profiles\default\kc5ktxrv.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {D7F80451-17E9-4C12-828C-41D6713C5373} - C:\WINDOWS\system32\awvvw.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138502816\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZS
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1097378250562
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#5
loophole (Malware Expert, Retired Staff, 9,798 posts)
Not exactly what I was expecting to see

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#6
Carter17 (Topic Starter, Member, 16 posts)
OK, here is the ComboFix log.

Carter - 06-10-04 16:38:15.31 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Carter\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Carter\My Documents\SSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))


2006-10-01 19:57 143,380 --a------ C:\WINDOWS\system32\edfegjti.exe
2006-10-01 19:56 45,525 --a------ C:\WINDOWS\system32\pkjbvdgh.dll
2006-10-01 07:58 856,501 ---hs---- C:\WINDOWS\system32\wvvwa.ini2
2006-09-30 19:56 837,112 ---hs---- C:\WINDOWS\system32\wvvwa.bak2
2006-09-30 19:56 45,525 --a------ C:\WINDOWS\system32\aidvmdbp.dll
2006-09-30 19:56 143,380 --a------ C:\WINDOWS\system32\qjbaefcx.exe
2006-09-29 19:56 45,525 --a------ C:\WINDOWS\system32\dphkkqet.dll
2006-09-29 19:56 143,380 --a------ C:\WINDOWS\system32\dtayygey.exe
2006-09-29 19:55 845,646 ---hs---- C:\WINDOWS\system32\wvvwa.bak1
2006-09-24 13:45 1,155,072 --------- C:\WINDOWS\UNNeroVision.exe
2006-09-24 13:43 85,360 --------- C:\WINDOWS\system32\drivers\incdfs.sys
2006-09-24 13:43 4,976 --------- C:\WINDOWS\system32\drivers\incdrec.sys
2006-09-24 13:43 26,784 --------- C:\WINDOWS\system32\drivers\incdpass.sys
2006-09-24 13:43 1,155,072 --------- C:\WINDOWS\NuNinst.exe
2006-09-24 13:41 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2006-09-24 13:40 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2006-09-24 13:40 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2006-09-24 13:40 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2006-09-24 13:40 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2006-09-24 13:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-10 23:02 17,920 --a------ C:\WINDOWS\system32\mdimon.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-04 16:40 -------- d-------- C:\Program Files\Common Files
2006-10-04 16:37 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-10-04 08:33 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-03 18:38 -------- d-------- C:\Documents and Settings\Carter\Application Data\Xfire
2006-10-03 18:36 -------- d-------- C:\Program Files\Steam
2006-10-02 19:57 -------- d-------- C:\Program Files\VSToolbar
2006-10-01 19:58 -------- d-------- C:\Documents and Settings\Carter\Application Data\SearchToolbarCorp
2006-10-01 15:03 -------- d-------- C:\Program Files\GameSpy Arcade
2006-09-30 23:46 -------- d-------- C:\Program Files\DAEMON Tools
2006-09-30 20:37 -------- d-------- C:\Program Files\ewido anti-malware
2006-09-30 18:11 -------- d-------- C:\Documents and Settings\Carter\Application Data\Azureus
2006-09-30 18:06 -------- d-------- C:\Program Files\iTunes
2006-09-30 17:53 -------- d-------- C:\Program Files\iPod
2006-09-30 17:50 -------- d-------- C:\Program Files\QuickTime
2006-09-30 17:44 -------- d-------- C:\Program Files\Apple Software Update
2006-09-28 20:33 -------- d-------- C:\Program Files\mIRC
2006-09-27 16:53 -------- d-------- C:\Program Files\Image-Line
2006-09-24 13:45 -------- d-------- C:\Documents and Settings\Carter\Application Data\NeroVision
2006-09-24 13:44 -------- d-------- C:\Program Files\Ahead
2006-09-24 13:40 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-22 05:38 -------- d---s---- C:\Program Files\Xfire
2006-09-21 17:24 -------- d-------- C:\Documents and Settings\Carter\Application Data\Skype
2006-09-20 20:39 -------- d-------- C:\Program Files\Fraps
2006-09-17 16:21 -------- d-------- C:\Program Files\America's Army
2006-09-17 12:38 -------- d-------- C:\Program Files\HLSW
2006-09-13 16:27 -------- d-------- C:\Program Files\AOL
2006-09-13 16:27 -------- d-------- C:\Program Files\AOD
2006-09-13 16:26 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-10 23:04 -------- d---s---- C:\Documents and Settings\Carter\Application Data\Microsoft
2006-09-10 23:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-10 23:00 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-10 23:00 -------- d-------- C:\Program Files\Microsoft Office
2006-09-10 23:00 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-10 23:00 -------- d-------- C:\Program Files\Common Files\System
2006-09-10 23:00 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-09 20:20 -------- d-------- C:\Program Files\JimbobSoft
2006-09-09 19:59 -------- d-------- C:\Program Files\MTV Networks
2006-09-09 19:51 -------- d-------- C:\Program Files\Windows Media Player
2006-09-09 19:51 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-09 19:39 -------- d-------- C:\Program Files\otherslikeyou.com Inc
2006-09-09 19:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-09 13:16 -------- d-------- C:\Program Files\Citrix
2006-09-09 13:16 -------- d-------- C:\Documents and Settings\Carter\Application Data\ICAClient
2006-08-31 11:48 -------- d-------- C:\Program Files\@Last Software
2006-08-30 21:38 -------- d-------- C:\Program Files\Furcadia
2006-08-28 11:47 -------- d-------- C:\Program Files\NeoTracePro
2006-08-28 11:47 -------- d-------- C:\Program Files\HotRecorder
2006-08-28 11:45 -------- d-------- C:\Program Files\VoiceMaskPro
2006-08-28 11:45 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"
"Aim6"=""
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\\Program Files\\eMachines Bay Reader\\shwiconem.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"CHotkey"="zHotkey.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"tgcmd"="\"C:\\Program Files\\support.com\\bin\\tgcmd.exe\" /server"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1138502816\\ee\\AOLSoftware.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{00DBDAC8-4691-4797-8E6A-7C6AB89BC441}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvw

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Disk Cleanup.job

Completion time: Wed 10/04/2006 16:41:09.34
ComboFix.txt

#7
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Click Start > Control Panel > Add/Remove Programs and uninstall the following if present:
VSToolbar

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\edfegjti.exe
    C:\WINDOWS\system32\pkjbvdgh.dll
    C:\WINDOWS\system32\wvvwa.ini2
    C:\WINDOWS\system32\wvvwa.bak2
    C:\WINDOWS\system32\aidvmdbp.dll
    C:\WINDOWS\system32\qjbaefcx.exe
    C:\WINDOWS\system32\dphkkqet.dll
    C:\WINDOWS\system32\dtayygey.exe
    C:\WINDOWS\system32\wvvwa.bak1
    C:\Program Files\VSToolbar



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


After the reboot

Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.


#8
Carter17


    Member

  • Topic Starter
  • 16 posts
ok, first I would like to thank you for the help

I tried to remove the VStoolbar, but every time I clicked "change/remove" nothing happened
then I deleted those files using Killbox
now here is the Panda's ActiveScan
then after that is a new HijackThis log.



Incident Status Location

Adware:adware/securityerror Not disinfected C:\Documents and Settings\Carter\Favorites\Antivirus Test Online.url
Adware:adware/ist.istbar Not disinfected C:\Documents and Settings\Carter\Favorites\~ VIP Free [bleep] ~.url
Adware:adware/weblookup Not disinfected c:\program files\Weblookup
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch
Spyware:spyware/media-motor Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d}
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\Carter\Desktop\my downloads\DODS Hacks\[Valve]Aimbot\[Valve] Aimbot.exe
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\Carter\Desktop\my downloads\DODS Hacks\[Valve]Aimbot.zip[[Valve] Aimbot.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Carter\Desktop\my downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Carter\Desktop\Other programs\VundoFix\VundoFix\process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Carter\Desktop\Other programs\VundoFix.exe[process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Carter\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\America's Army\SmitfraudFix\Process.exe
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\backup\co\cookies-1.txt\122497_5b939faeb_[cookies-1.txt][.ehg-idg.hitbox.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Program Files\support.com\backup\co\cookies-1.txt\122497_5b939faeb_[cookies-1.txt][.stats1.reliablestats.com/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\support.com\backup\co\cookies-1.txt\122497_5b939faeb_[cookies-1.txt][.atwola.com/]
Spyware:Cookie/Target

#9
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Not much of concern in the Panda report.

Deleting Cookies on Firefox
  • Click Tools then Options.
  • Click Privacy.
  • Click Clear across from the Cookies option.
  • Click Ok to return to the browser main page.
  • Exit and relaunch the browser.
Delete these two out of your Favorites:
Antivirus Test Online.url
~ VIP Free [bleep] ~.url

I don't see your hijack log; can you post it and tell me how everything is behaving?