Welcome to Geeks to Go - Register now for FREE
Taskbar Ads


#1 Andrew01
New Member, 9 posts
Hi there, I'm not very skilled when it comes to computers, but I'm smart enough to figure out that the icons in my taskbar telling me there are viruses on my computer are nothing more than ads. I have scanned my computer and cannot figure out how to get these [bleep] ads off my computer; even as I type this, ads are popping up. When I click on one it takes me to a website (http://www.anti-vermins.com/?aff=334), and as you can see it's probably an affiliate link, so the guy who is responsible is getting paid for my suffering. I included some pictures of what I am talking about. Please help me. Also, just now I got a window saying I have viruses and to click OK and download the [bleep] thing, so now it's not just in the taskbar! :whistling:
[Two screenshots attached]
  • 0


#2 Daemon
Security Expert, Retired Staff, MVP, 4,356 posts
Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon, then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.
  • Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3 Andrew01
Topic Starter, New Member, 9 posts
I should probably have mentioned that I have two hard drives: one for files from my old computer (C) and the other has Windows and everything else not from my old computer (D). I didn't see anything from my C hard drive on there, but it should not have come from my old computer since I didn't have this problem before. Thank you so much; this thing is really annoying.

Logfile of HijackThis v1.99.1
Scan saved at 11:50:22 AM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\windows\System32\smss.exe
D:\windows\system32\winlogon.exe
D:\windows\system32\services.exe
D:\windows\system32\lsass.exe
D:\windows\system32\svchost.exe
D:\windows\System32\svchost.exe
D:\windows\Explorer.EXE
D:\windows\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
d:\progra~1\mcafee\mcafee antispyware\massrv.exe
d:\program files\mcafee.com\agent\mcdetect.exe
d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\windows\system32\nvsvc32.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
D:\windows\system32\RUNDLL32.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\progra~1\mcafee\MCAFEE~1\masalert.exe
D:\Program Files\ResChanger 2005\ResChanger2005.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\windows\system32\wuauclt.exe
D:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - D:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - D:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] d:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [ResChanger 2005] D:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [XP Tools] D:\Program Files\XP Tools\xptools.exe /min
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - D:\windows\system32\cthkpcv.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - d:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\windows\system32\nvsvc32.exe

Edited by Andrew01, 27 December 2006 - 01:50 PM.

  • 0

#4 Daemon
Security Expert, Retired Staff, MVP, 4,356 posts
Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the results of the AVG Anti-Spyware report scan. Then do this - download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.

  • 0

#5 Andrew01
Topic Starter, New Member, 9 posts
Here's the AVG log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:15:05 PM 12/27/2006

+ Scan result:



D:\Program Files\Video ActiveX Object -> Adware.Generic : Cleaned with backup (quarantined).
D:\Program Files\Video ActiveX Object\iesplugin.dll -> Adware.Generic : Cleaned with backup (quarantined).
D:\Program Files\Video ActiveX Object\iesuninst.exe -> Adware.Generic : Cleaned with backup (quarantined).
D:\Program Files\Video ActiveX Object\isauninst.exe -> Adware.Generic : Cleaned with backup (quarantined).
D:\Program Files\Video ActiveX Object\ot.ico -> Adware.Generic : Cleaned with backup (quarantined).
D:\Program Files\Video ActiveX Object\pmuninst.exe -> Adware.Generic : Cleaned with backup (quarantined).
D:\Program Files\Video ActiveX Object\ts.ico -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-527237240-1677128483-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A1DDC19-5893-43AB-A73F-F41A0F34D115} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKU\S-1-5-21-527237240-1677128483-839522115-1004\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5} -> Adware.Malwarewipe : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{DE07709F-F1A0-494C-B1EA-D8194B7EDC3B}\RP3\A0000201.exe -> Adware.MalwareWiped : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{DE07709F-F1A0-494C-B1EA-D8194B7EDC3B}\RP5\A0000338.exe -> Adware.MalwareWiped : Cleaned with backup (quarantined).
:mozilla.120:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.26:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
D:\Documents and Settings\User\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.90:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.91:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.92:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.93:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.94:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.97:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.42:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.37:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.38:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.39:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.40:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.41:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.148:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
D:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.78:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.20:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.137:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
D:\Documents and Settings\User\Cookies\[email protected][2].txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.87:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.88:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
D:\Documents and Settings\User\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.100:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.101:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.102:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.99:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.141:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
D:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.143:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
D:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.28:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.29:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.30:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.31:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.32:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.33:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.34:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.35:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.36:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.55:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.56:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.57:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.58:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.59:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.138:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
D:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.95:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.96:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.79:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.80:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.82:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.83:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\964txr9u.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


SUPERAntiSpyware Log:


SUPERAntiSpyware Scan Log
Generated 12/27/2006 at 02:38 PM

Application Version : 3.4.1000

Core Rules Database Version : 3154
Trace Rules Database Version: 1171

Scan type : Complete Scan
Total Scan Time : 00:16:49

Memory items scanned : 420
Memory threats detected : 1
Registry items scanned : 3475
Registry threats detected : 20
File items scanned : 32568
File threats detected : 16

Trojan Downloader-SystemAlert/Resident.Process
D:\WINDOWS\SYSTEM32\CTHKPCV.DLL
D:\WINDOWS\SYSTEM32\CTHKPCV.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}
HKCR\CLSID\{B59F3BA4-98DA-4B5F-8A2D-7B56FB11140B}
HKCR\CLSID\{B59F3BA4-98DA-4B5F-8A2D-7B56FB11140B}\InProcServer32
HKCR\CLSID\{B59F3BA4-98DA-4B5F-8A2D-7B56FB11140B}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#buprestidae
HKCR\CLSID\{B59F3BA4-98DA-4B5F-8A2D-7B56FB11140B}

Adware.Tracking Cookie
D:\Documents and Settings\User\Cookies\[email protected][1].txt
D:\Documents and Settings\User\Cookies\[email protected][1].txt
D:\Documents and Settings\User\Cookies\[email protected][1].txt
D:\Documents and Settings\User\Cookies\[email protected][1].txt
D:\Documents and Settings\User\Cookies\[email protected][2].txt
D:\Documents and Settings\User\Cookies\[email protected][2].txt
D:\Documents and Settings\User\Cookies\[email protected][2].txt
D:\Documents and Settings\User\Cookies\[email protected][1].txt
D:\Documents and Settings\User\Cookies\[email protected][2].txt
D:\Documents and Settings\User\Cookies\[email protected][1].txt
D:\Documents and Settings\User\Cookies\[email protected][1].txt
D:\Documents and Settings\User\Cookies\[email protected][1].txt
D:\Documents and Settings\User\Cookies\[email protected][1].txt

Trojan.MalwareWipe
HKCR\AppId\MalwareWipe.EXE
HKCR\AppId\MalwareWipe.EXE#AppID
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\bjxvHnkrzy
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\InprocServer32
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\InprocServer32#ThreadingModel
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\ogaw
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\oRkpveh
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\sioe
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\ypzqrhc

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString


and the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 2:45:09 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\windows\System32\smss.exe
D:\windows\system32\winlogon.exe
D:\windows\system32\services.exe
D:\windows\system32\lsass.exe
D:\windows\system32\svchost.exe
D:\windows\System32\svchost.exe
D:\windows\system32\spoolsv.exe
D:\windows\Explorer.EXE
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
D:\windows\system32\RUNDLL32.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\progra~1\mcafee\MCAFEE~1\masalert.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\ResChanger 2005\ResChanger2005.exe
D:\Program Files\XP Tools\xptools.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\XP Tools\xptools.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
d:\progra~1\mcafee\mcafee antispyware\massrv.exe
d:\program files\mcafee.com\agent\mcdetect.exe
d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\windows\system32\nvsvc32.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\windows\system32\wuauclt.exe
D:\windows\system32\wuauclt.exe
D:\windows\system32\notepad.exe
D:\windows\system32\NOTEPAD.EXE
D:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - D:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] d:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ResChanger 2005] D:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [XP Tools] D:\Program Files\XP Tools\xptools.exe /min
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - d:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\windows\system32\nvsvc32.exe



The SUPERAntiSpyware scan seems to have fixed the problem :whistling: Does that mean it's gone forever, or is it just quarantined for now?

  • 0
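The helper in this thread reads the two HijackThis logs by eye: the first has a nameless BHO whose DLL is already missing, and an O21 SSODL entry loading a DLL with a randomized name (cthkpcv.dll); the second shows those entries gone and the "Protection Bar" toolbar left as an orphaned registry entry pointing at a quarantined file. The script below is an added example, not code from the thread or from HijackThis; it automates that reading. The two log strings are trimmed excerpts of the logs posted above, and the flagging heuristics (orphaned component, nameless BHO, vowel-less DLL name under an O20/O21 autostart) are my own assumptions, not HijackThis rules.

```python
import re
from dataclasses import dataclass

# Trimmed excerpts of the "before" (post #3) and "after" (post #5) HijackThis logs
# from this thread; constructed sample input for this example.
BEFORE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - D:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - D:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [XP Tools] D:\Program Files\XP Tools\xptools.exe /min
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - D:\windows\system32\cthkpcv.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\windows\system32\nvsvc32.exe
"""

AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - D:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [XP Tools] D:\Program Files\XP Tools\xptools.exe /min
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\windows\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
MISSING = " (file missing)"   # HijackThis appends this when the referenced file does not exist
VOWELS = set("aeiouy")


@dataclass
class Entry:
    section: str        # "O2", "O21", ...
    text: str           # entry text with the "(file missing)" marker stripped
    file_missing: bool

    @property
    def key(self):
        # Identity of the registration itself, independent of whether its file exists.
        return (self.section, self.text.lower())


def parse_log(log):
    """Return the O-entries of a HijackThis log; headers and process lists are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]
        entries.append(Entry(section, body, missing))
    return entries


def looks_random(filename):
    """Crude heuristic (assumption): an all-letter stem of 5-10 chars with no vowels."""
    stem = filename.rsplit(".", 1)[0].lower()
    return stem.isalpha() and 5 <= len(stem) <= 10 and not (set(stem) & VOWELS)


def flag_entries(entries):
    """Return [(entry, [reasons])] for entries a reviewer would want to look at."""
    flagged = []
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("orphaned registration: the component's file is gone")
        if e.section == "O2" and "(no name)" in e.text:
            reasons.append("BHO registered without a name")
        if e.section in ("O20", "O21"):
            # Winlogon Notify / SSODL load a DLL into every session; the path is the last field.
            path = e.text.rsplit(" - ", 1)[-1]
            basename = path.replace("\\", "/").rsplit("/", 1)[-1]
            if looks_random(basename):
                reasons.append(f"{e.section} autostart loads a randomly named DLL")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def diff_logs(before, after):
    """Compare two logs: removed registrations, new ones, and ones whose file vanished."""
    b = {e.key: e for e in before}
    a = {e.key: e for e in after}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    newly_orphaned = [a[k] for k in a if k in b and a[k].file_missing and not b[k].file_missing]
    return removed, added, newly_orphaned


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for e, reasons in flag_entries(before):
        print(f"[before] {e.section}: {e.text}\n    -> {'; '.join(reasons)}")
    removed, added, orphaned = diff_logs(before, after)
    print("removed:", [e.text for e in removed])
    print("added:", [e.text for e in added])
    print("now orphaned (fix the leftover entry):", [e.text for e in orphaned])
```

The "now orphaned" list is the actionable output here: it reproduces the helper's observation that the Protection Bar toolbar entry survived the cleanup with its DLL gone, which is the kind of leftover one would have HijackThis fix on the next pass. The vowel heuristic is deliberately narrow; legitimate vendor DLLs with abbreviated names will not all pass it, so treat its hits as prompts for a closer look, not verdicts.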

#6 Daemon
Security Expert, Retired Staff, MVP, 4,356 posts
Same thing. Your log looks OK - how is it running now?
  • 0

#7 Andrew01
Topic Starter, New Member, 9 posts
It's running great thank you for all your help! :whistling:
  • 0

#8 Daemon
Security Expert, Retired Staff, MVP, 4,356 posts
You're welcome - glad to help :whistling:

To help keep you clean follow the recommendations in Tony's article here:

So how did I get infected in the first place?



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
  • 0
