Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

http://viruswebprotect.com 3 icons and biohazard in tray [RESOLVED]


  • This topic is locked This topic is locked

#1
arghhfrustrated

arghhfrustrated

    New Member

  • Member
  • Pip
  • 5 posts
Hi,

I have followed the instructions as asked before posting here including the scans, AVG, Panda, Windows updates etc...
I have 3 icons on my desktop that always come back when deleted and emptied from the recycle bin. They all point to http://viruswebprotect.com Also, there are popups almost every minute with a variety of messages urging me to download recommended software from said site. Also, a red biohazard flashes periodically in my system tray in the bottom right of the screen and says stuff to the same effect, but nothing about website. Finally, a message periodically pops up saying that i have worm.win32.netsky and asks if I want to clean it immediatly because its risk is 5 out of 5.

My computer is running very slow and the popups make it impossible to do anything. Please help if you can!

Here is the Hikack this scan file with the uninstall list following. Thank you in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:53 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Muratec\F110\SmarThru\PORTCTRL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - X?­49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - ¸?­8ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - ˆ?­3D70E-1895-11CF-8E15-001234567890} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Muratec\F110\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\b\Local Settings\Temporary Internet Files\Content.IE5\8A4UESSM\install_sbd_en[1].exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -scan -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CF4A2C45-CB89-4018-94BB-C2CACB83A537} (XancamX Camera Control) - https://homesight.xa...ice/xancamx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: admggxp - {1C6238B5-484B-46F3-B092-8FC4C8B0704A} - C:\WINDOWS\admggxp.dll
O21 - SSODL: bdmnopx - {6B9389A5-7871-4DB7-B7BD-23CD6E779EA1} - C:\WINDOWS\bdmnopx.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/b/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 11187 bytes

Uninstall list

Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Standard
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Advanced MP3/WMA Recorder 3.7.6
ALPS Touch Pad Driver
Audio MP3/WMA Recorder
AVG 7.5
BPS MP3-WAV Converter version 5.0.0.0
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
Charter High Speed Internet Self-Installation Wizard
Charter Pipeline® Self-Installation
Conexant D110 MDC V.9x Modem
Digital Line Detect
DynDNS Updater 3.1
EA SPORTS online 2006
Google AFE
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
Internal Network Card Power Management
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Lexmark Printer Software Uninstall
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Studio 2005 Tools for Office Runtime
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mToolkit
Muratec F-110 User's Guide
mWlsSafe
mXML
mZConfig
NetWaiting
Panda ActiveScan
Power Tab Editor 1.7
PowerDVD 5.1
QuickSet
QuickTime
RealPlayer
Reason 1.0
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Skype™ 3.2
SmarThru Applications
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
SonicWALL Global VPN Client
SpyHunter
Steinberg Nuendo v2.0.1
SUPERAntiSpyware Free Edition
The Weather Channel Desktop
Twain Driver Uninstaller
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Visual Studio 2005 Tools for Office Second Edition Runtime
VPN Client
Weather Services
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
WinZip
World of Warcraft
Yahoo! Install Manager
  • 0

Advertisements


#2
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
i can see some malware which we will clear now. your java is out of date, but we will deal with that later. in this post we will clear the malware i can see and do a couple of scans to see what else is lurking on your machine. we will also flush your temp folders.


====STEP 1====
Please download the OTMoveIt2 by OldTimer and Save it to your desktop.

Do NOT run it yet

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - X?­49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - ¸?­8ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - ˆ?­3D70E-1895-11CF-8E15-001234567890} - (no file)
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\b\Local Settings\Temporary Internet Files\Content.IE5\8A4UESSM\install_sbd_en[1].exe
O21 - SSODL: admggxp - {1C6238B5-484B-46F3-B092-8FC4C8B0704A} - C:\WINDOWS\admggxp.dll
O21 - SSODL: bdmnopx - {6B9389A5-7871-4DB7-B7BD-23CD6E779EA1} - C:\WINDOWS\bdmnopx.dll
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/b/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\b\Local Settings\Temporary Internet Files\Content.IE5\8A4UESSM\install_sbd_en[1].exe
    C:\WINDOWS\admggxp.dll
    C:\WINDOWS\bdmnopx.dll
    C:/DOCUME~1/b/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


====STEP 2====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 3====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


====STEP 4====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


in your next reply could i see:
1. the OTMoveIT log
2. the SUPERantispyware log
3. the kaspersky scan
4. a new hijackthis log

andrewuk
  • 0

#3
arghhfrustrated

arghhfrustrated

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Cool, thank you! The popups have stopped and the 3 icons are not there anymore. Regarding the OTMoveIT, the first time I tried to do what you said the program immediatly shut down and I am not sure what happend. I did it again and the following log is what showed. In the yellow line of the program it says "Paste Custom list of Files/Folders to move" which is different than you indicated it would say.

Anyway, here is the OTMoveIT log and the rest:

OTMoveIt2

File/Folder C:\Documents and Settings\b\Local Settings\Temporary Internet Files\Content.IE5\8A4UESSM\install_sbd_en[1].exe not found.
File/Folder C:\WINDOWS\admggxp.dll not found.
File/Folder C:\WINDOWS\bdmnopx.dll not found.
File/Folder C:/DOCUME~1/b/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg not found.
[Custom Input]
< Purity >

OTMoveIt2 v1.0.20 log created on 02162008_212306




SUPERAnitSpyware log:

Total Scan Time : 04:45:51

Memory items scanned : 442
Memory threats detected : 2
Registry items scanned : 5482
Registry threats detected : 1
File items scanned : 51753
File threats detected : 13

Trojan.Unclassified/2xy
C:\WINDOWS\ADMGGXP.DLL
C:\WINDOWS\ADMGGXP.DLL
C:\WINDOWS\BDMNOPX.DLL
C:\WINDOWS\BDMNOPX.DLL
C:\_OTMOVEIT\MOVEDFILES\02162008_212148\WINDOWS\ADMGGXP.DLL
C:\_OTMOVEIT\MOVEDFILES\02162008_212148\WINDOWS\BDMNOPX.DLL

Adware.Tracking Cookie
C:\Documents and Settings\b\Cookies\[email protected][3].txt
C:\Documents and Settings\b\Cookies\[email protected][2].txt
C:\Documents and Settings\b\Cookies\[email protected][2].txt

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-2203126901-3409889936-2870003909-1007\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarerefer...=...6Ojg5&lid=2 ]

Desktop Hijacker.AboutYourPrivacy
C:\Documents and Settings\b\Desktop\Error Cleaner.url
C:\Documents and Settings\b\Desktop\Privacy Protector.url
C:\Documents and Settings\b\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\b\Favorites\Error Cleaner.url
C:\Documents and Settings\b\Favorites\Privacy Protector.url
C:\Documents and Settings\b\Favorites\Spyware&Malware Protection.url




Kaspersky Scan log:

Sunday, February 17, 2008 9:13:37 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 570048


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 53504
Number of viruses found 3
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:47:50

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped

C:\Documents and Settings\b\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\b\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\b\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\b\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\b\Local Settings\Temp\ProductPath\pgs.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped

C:\Documents and Settings\b\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\b\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\b\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\b\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP447\A0032739.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bcd skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP447\A0032740.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bcb skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP447\change.log Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{3C1548BD-9FCB-4A07-AA91-97D23E8B6CC2}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:11 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Muratec\F110\SmarThru\PORTCTRL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.badgercommunications.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Muratec\F110\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -scan -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CF4A2C45-CB89-4018-94BB-C2CACB83A537} (XancamX Camera Control) - https://homesight.xa...ice/xancamx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: admggxp - {5C1E5A2C-B030-4EE9-AA3D-A4823F396873} - C:\WINDOWS\admggxp.dll (file missing)
O21 - SSODL: bdmnopx - {22B9CDDA-671F-4094-A39F-E8941004D3EA} - C:\WINDOWS\bdmnopx.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10710 bytes

Thank you!
  • 0

#4
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

Regarding the OTMoveIT, the first time I tried to do what you said the program immediatly shut down and I am not sure what happend

looks like it worked

in this post we will clear the malware found in the scans, update your java, do another scan and i want to do a deeper scan of your machine - there could be a stubborn piece of malware on your machine.

i dont recognise this ActiveX: (XancamX Camera Control) - https://homesight.xa...ice/xancamx.ocx - any idea what it relates to? if not, we can delete it from your machine.


====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O21 - SSODL: admggxp - {5C1E5A2C-B030-4EE9-AA3D-A4823F396873} - C:\WINDOWS\admggxp.dll (file missing)
O21 - SSODL: bdmnopx - {22B9CDDA-671F-4094-A39F-E8941004D3EA} - C:\WINDOWS\bdmnopx.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\admggxp.dll
    C:\WINDOWS\bdmnopx.dll
    C:\Documents and Settings\b\Local Settings\Temp\ProductPath\pgs.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


====STEP 2====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

====STEP 3====
Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.


====STEP 4====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


In your next reply could i see:
1. an idea of that ActiveX
2. the OTMoveIT log
3. the malwarebytes log
4. the 2 DSS logs (though there may only be one)
5. and some idea of how your machine is running

there may be a lot of information to post, so you may have to post it over more than one reply to ensure all information is posted.

andrewuk
  • 0

#5
arghhfrustrated

arghhfrustrated

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks again!

1. Well, I do know what the xanboo is. Its a home monitoring system that I have so the ActiveX is OK.

2. OTMoveIt2 log:

File/Folder C:\WINDOWS\admggxp.dll not found.
File/Folder C:\WINDOWS\bdmnopx.dll not found.
C:\Documents and Settings\b\Local Settings\Temp\ProductPath\pgs.exe moved successfully.

OTMoveIt2 v1.0.20 log created on 02172008_150232


3. Malwarebytes log:

Malwarebytes' Anti-Malware 1.03
Database version: 370

Scan type: Quick Scan
Objects scanned: 26402
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 34
Files Infected: 257

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\the weather channel desktop (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\app_elements (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\maps (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\nav (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\modules (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\radar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\logos (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\temp (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\ActiveDesktop (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\ActiveDesktop\bin (Adware.Comet) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\The Weather Channel FW\Desktop Weather\app.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\app.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\dw_app_scripts.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\dw_fscommand.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\dw_home_local_scripts.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\dw_up.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\eula.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\ext.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\index_local.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\noinet_300X250.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\noinet_728x90.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\no_connection_frame.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\query_prams.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.INI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\cachedSearch.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\loc_f.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\settings.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\ads.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\app.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\cobrand.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\dimms.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\divs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\forcast.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\links.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\nav.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\screens.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\version.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\vertical.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\businessGraphicMax.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\connection.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\drivingGraphicMax.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\fitnessGraphicMax.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\FLVplayer.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\ForecastPageTabs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\golfGraphicMax.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\HomePageTabs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\HomePageTabs_f.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\HomePageTabs_p.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\instby_module.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\loaction_display.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\locManagerMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\MaxPrefsScreen.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\photo.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\pollenGraphicMax.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\promo.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\promo_p.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\SearchBarMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\SevereWeatherScreen.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\side_barmodule.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\VerticalSelectorScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\videoTabMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\app_elements\logo_loader.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\cc.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\detailed.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\hourly.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\OneClickCC.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\tenDayForecast.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\threeDayForecast.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\maps\MaxRadarHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\maps\MaxRadarScreen.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\maps\radarAndMapsMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\maps\sixHundredMileRadar.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\nav\mainNavModule.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\nav\nav_top_right.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\nav\vertical_nav.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\businessTravelerMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\businessTravelerScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\drivingHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\drivingScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\fitnessHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\fitnessScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\golfHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\golfScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\pollenHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\pollenScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\trafficHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\trafficScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\weatherHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\Thunderclap.mp3 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\ad_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\bkg_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\bkg_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\border_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\border_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\homepage_line_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\homepage_line_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\nav_bar_border_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\nav_bar_border_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\nav_bar_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\nav_bar_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\--.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\10.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\11.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\12.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\13.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\14.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\16.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\20.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\24.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\26.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\27.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\28.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\29.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\3.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\30.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\31.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\32.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\33.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\34.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\37.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\38.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\39.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\4.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\41.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\42.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\44.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\45.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\46.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\47.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\5.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\7.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\9.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\--.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\11.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\12.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\13.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\14.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\16.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\20.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\21.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\26.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\27.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\28.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\29.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\30.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\31.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\32.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\33.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\34.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\38.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\4.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\47.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\5.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\7.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\9.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\--.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\0.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\1.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\10.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\11.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\12.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\13.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\14.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\15.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\16.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\17.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\18.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\19.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\2.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\20.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\21.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\22.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\23.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\24.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\25.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\26.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\27.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\28.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\29.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\3.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\4.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\5.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\6.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\7.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\8.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\9.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\businessTravelerV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\drivingV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\fitnessV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\golfV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\newsV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\pollenV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\trafficV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\weatherV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config\ads.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config\app.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config\cobrand.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config\dimms.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config\divs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config\forcast.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config\links.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config\nav.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config\screens.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config\version.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\config\vertical.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\ad_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\bkg_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\bkg_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\border_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\border_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\homepage_line_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\homepage_line_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\nav_bar_border_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\nav_bar_border_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\nav_bar_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\nav_bar_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\logos\weatherChannelLogo.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\graphics\logos\weatherChannelLogo_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\acttemp_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\curwx_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\map_arptimp_fcst_4namus_enus_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\map_fitidx_day1_4namus_enus_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\n_central_sat_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\travel_midwest_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\travel_northeast_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\travel_southeast_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\travel_west_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\trvlthun_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\us_bil_closeradar_medium_usen.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\us_msp_closeradar_medium_usen.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\maps\us_wxhi1_medium_usen.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\modules\jff_tab_mod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\b\weather5\radar\sixHundredMileRadar.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\flow.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\UNWISE.INI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\ver.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.cpl (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\temp\1165873263.dwf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\temp\1193256364.dwf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\56303.wx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\ac.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\actimes.rfsh (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\times.rfsh (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\USMN0503.wx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\USMN0534.wx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\USMT0031.wx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Help.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Settings.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\The Weather Channel Desktop.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Uninstall.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.


4. Unfortunately the DSS program gives the following error message after running for a minute so I did not get any logs for that:

"dss has encountered a problem and needs to close. sorry for the inconvenience"

5. My machine appears to be running very smoothly! There have been no further popups etc... and things are running at normal speeds :) The DSS not working seems to be the only current issue.
  • 0

#6
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
good news that the machine is working smoothly :)

instead of the DSS, could you post a new hijackthis log instead

andrewuk

Edited by andrewuk, 17 February 2008 - 06:21 PM.

  • 0

#7
arghhfrustrated

arghhfrustrated

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Yes, here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:19 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Muratec\F110\SmarThru\PORTCTRL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.badgercommunications.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Muratec\F110\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -scan -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CF4A2C45-CB89-4018-94BB-C2CACB83A537} (XancamX Camera Control) - https://homesight.xa...ice/xancamx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10500 bytes
  • 0

#8
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi arghhfrustrated

congratulations, your logs are clean :)

just leaves us to clear away the fix tools, reset your restore points and for me to leave you with some ideas on how to enhance the protection of your machine against further infection.


====STEP 1====
clearing away the fix tools:
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

====STEP 2====
resetting the restore points:

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

Instructions with screenshots to help is http://www.f-secure..../sfc_dis1.shtml

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

andrewuk
  • 0

#9
arghhfrustrated

arghhfrustrated

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Done and done! Thanks a million andrewuk!!! I really appreciate your time. :) Please keep this up, it is a great service to those of us with limited technical knowledge. Take care. :)
  • 0

#10
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP