Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My Hijackthis PLZ help me! [RESOLVED]


  • This topic is locked This topic is locked

#16
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Topic reopened.
  • 0

Advertisements


#17
dirtyendz

dirtyendz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
So i ran super anti-spyware and the system is not slugish anymore. Also opened Internet Explorer and the Spyware Shredder isnt coming back up. Also Ive gotten 141 tracker cookies in the scan from AVG witch where deleted. I think that Super anti-spyware took care of it all but here are the logs from Super anti-spyware and HIjackthis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:55 PM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon........&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: [email protected] 5.03.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.1.99.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10458 bytes




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:55 PM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon........&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: [email protected] 5.03.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.1.99.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10458 bytes


Thanks !
  • 0

#18
dirtyendz

dirtyendz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Also wanted to know if u need a combofix?
  • 0

#19
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Nope try this instead.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
  • 0

#20
dirtyendz

dirtyendz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Malwarebytes' Anti-Malware 1.04
Database version: 388

Scan type: Quick Scan
Objects scanned: 27004
Time elapsed: 10 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 33
Files Infected: 256

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\the weather channel desktop (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\xInsIDE (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DW4 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\app_elements (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\maps (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\nav (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\maps (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\modules (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\photo (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\radar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\logos (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\temp (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\xInsIDE (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\The Weather Channel FW\Desktop Weather\app.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\app.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\dw_app_scripts.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\dw_fscommand.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\dw_home_local_scripts.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\dw_up.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\eula.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\ext.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\index_local.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\noinet_300X250.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\noinet_728x90.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\no_connection_frame.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\query_prams.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.INI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\loc_f.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\settings.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\ads.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\app.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\cobrand.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\dimms.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\divs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\forcast.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\links.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\nav.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\screens.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\version.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\vertical.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\businessGraphicMax.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\connection.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\drivingGraphicMax.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\fitnessGraphicMax.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\FLVplayer.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\ForecastPageTabs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\golfGraphicMax.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\HomePageTabs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\HomePageTabs_f.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\HomePageTabs_p.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\instby_module.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\loaction_display.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\locManagerMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\MaxPrefsScreen.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\photo.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\pollenGraphicMax.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\promo.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\promo_p.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\SearchBarMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\SevereWeatherScreen.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\side_barmodule.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\VerticalSelectorScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\videoTabMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\app_elements\logo_loader.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\cc.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\detailed.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\hourly.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\OneClickCC.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\tenDayForecast.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast\threeDayForecast.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\maps\MaxRadarHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\maps\MaxRadarScreen.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\maps\radarAndMapsMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\maps\sixHundredMileRadar.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\nav\mainNavModule.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\nav\nav_top_right.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\nav\vertical_nav.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\businessTravelerMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\businessTravelerScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\drivingHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\drivingScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\fitnessHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\fitnessScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\golfHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\golfScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\pollenHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\pollenScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\trafficHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\trafficScreenMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles\weatherHomeMod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\Thunderclap.mp3 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\ad_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\bkg_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\bkg_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\border_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\border_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\homepage_line_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\homepage_line_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\nav_bar_border_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\nav_bar_border_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\nav_bar_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics\nav_bar_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\10.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\11.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\12.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\13.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\14.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\16.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\20.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\24.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\26.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\27.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\28.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\29.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\3.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\30.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\31.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\32.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\33.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\34.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\37.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\38.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\39.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\4.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\40.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\41.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\42.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\44.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\45.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\46.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\47.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\5.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\6.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\7.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45\9.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\10.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\11.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\12.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\13.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\14.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\15.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\16.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\18.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\20.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\21.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\26.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\27.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\28.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\29.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\30.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\31.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\32.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\33.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\34.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\38.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\4.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\42.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\47.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\5.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\6.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\7.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\8.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60\9.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\0.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\1.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\10.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\11.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\12.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\13.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\14.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\15.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\16.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\17.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\18.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\19.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\2.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\20.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\21.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\22.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\23.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\24.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\25.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\26.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\27.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\28.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\29.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\3.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\4.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\5.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\6.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\7.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\8.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon\9.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\businessTravelerV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\drivingV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\fitnessV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\golfV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\newsV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\pollenV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\trafficV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals\weatherV.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\TWCDWSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config\ads.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config\app.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config\cobrand.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config\dimms.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config\divs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config\forcast.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config\links.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config\nav.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config\screens.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config\version.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\config\vertical.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\ad_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\bkg_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\bkg_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\border_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\border_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\homepage_line_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\homepage_line_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\nav_bar_border_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\nav_bar_border_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\nav_bar_f.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\nav_bar_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\logos\weatherChannelLogo.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\graphics\logos\weatherChannelLogo_p.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\maps\acttemp_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\maps\curwx_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\maps\map_arptimp_fcst_4namus_enus_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\maps\southwest_sat_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\maps\travel_northeast_440x297.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\maps\us_btv_closeradar_medium_usen.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\maps\us_lax_closeradar_medium_usen.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\maps\us_wxhi1_medium_usen.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\modules\jff_tab_mod.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\photo\photoOfTheDay.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Administrator\weather5\radar\sixHundredMileRadar.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\flow.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\UNWISE.INI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\ver.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.cpl (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\temp\1180927417.dwf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\04061.wx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\05401.wx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\92626.wx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\ac.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\actimes.rfsh (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\times.rfsh (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Help.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Settings.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\The Weather Channel Desktop.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Uninstall.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\The Weather Channel Desktop.lnk (Rogue.Link) -> Quarantined and deleted successfully.
  • 0

#21
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#22
dirtyendz

dirtyendz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
SmitFraudFix v2.293

Scan done at 19:25:00.28, Thu 02/21/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
DNS Server Search Order: 66.75.160.63
DNS Server Search Order: 66.75.160.64

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D3482DE-351A-49A7-B8AF-A52BC37CFA8B}: DhcpNameServer=66.75.160.63 66.75.160.64
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D3482DE-351A-49A7-B8AF-A52BC37CFA8B}: DhcpNameServer=66.75.160.63 66.75.160.64
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9D3482DE-351A-49A7-B8AF-A52BC37CFA8B}: DhcpNameServer=66.75.160.63 66.75.160.64
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.75.160.63 66.75.160.64
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.75.160.63 66.75.160.64
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=66.75.160.63 66.75.160.64


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#23
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

  • 0

#24
dirtyendz

dirtyendz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-02-21 20:55:46
PROTECTIONS: 1
MALWARE: 20
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
McAfee VirusScan No No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00040527 spyware/surfsidekick Spyware No 1 Yes No c:\documents and settings\administrator\local settings\temporary internet files\ssk.log
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.mediaplex.com/]
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.mysearch.com/]
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.mysearch.com/]
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.mysearch.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.com.com/]
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[landing.domainsponsor.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.xiti.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.azjmp.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.azjmp.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.azjmp.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.toplist.cz/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.apmebf.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.adultfriendfinder.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.target.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.atwola.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.ads.addynamix.com/]
00517584 Application/SuperFast HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/]
;===============================================================================
=================================================================================
===================
SUSPECTS
Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
  • 0

#25
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=================================================================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    c:\documents and settings\administrator\local settings\temporary internet files\ssk.log
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================================
Also one more Hijackthis log please.
  • 0

Advertisements


#26
dirtyendz

dirtyendz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
File/Folder ;*******************************************************************************
*********************************************************************************
******************* not found.
File/Folder ANALYSIS: 2008-02-21 20:55:46 not found.
File/Folder PROTECTIONS: 1 not found.
File/Folder MALWARE: 20 not found.
File/Folder SUSPECTS: 0 not found.
File/Folder ;*******************************************************************************
*********************************************************************************
******************* not found.
File/Folder PROTECTIONS not found.
File/Folder Description Version Active Updated not found.
File/Folder ;===============================================================================
=================================================================================
=================== not found.
File/Folder McAfee VirusScan No No not found.
File/Folder ;===============================================================================
=================================================================================
=================== not found.
File/Folder MALWARE not found.
File/Folder Id Description Type Active Severity Disinfectable Disinfected Location not found.
File/Folder ;===============================================================================
=================================================================================
=================== not found.
File/Folder 00040527 spyware/surfsidekick Spyware No 1 Yes No c:\documents and settings\administrator\local settings\temporary internet files\ssk.log not found.
File/Folder 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.doubleclick.net/] not found.
File/Folder 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.atdmt.com/] not found.
File/Folder 00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe not found.
File/Folder 00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe not found.
File/Folder 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.tribalfusion.com/] not found.
File/Folder 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.mediaplex.com/] not found.
File/Folder 00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.mysearch.com/] not found.
File/Folder 00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.mysearch.com/] not found.
File/Folder 00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.mysearch.com/] not found.
File/Folder 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.com.com/] not found.
File/Folder 00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[landing.domainsponsor.com/] not found.
File/Folder 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.xiti.com/] not found.
File/Folder 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.azjmp.com/] not found.
File/Folder 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.azjmp.com/] not found.
File/Folder 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.azjmp.com/] not found.
File/Folder 00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.toplist.cz/] not found.
File/Folder 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.apmebf.com/] not found.
File/Folder 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.apmebf.com/] not found.
File/Folder 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.adultfriendfinder.com/] not found.
File/Folder 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.adultfriendfinder.com/] not found.
File/Folder 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.target.com/] not found.
File/Folder 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.target.com/] not found.
File/Folder 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.target.com/] not found.
File/Folder 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.target.com/] not found.
File/Folder 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.atwola.com/] not found.
File/Folder 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.atwola.com/] not found.
File/Folder 00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.ads.addynamix.com/] not found.
File/Folder 00517584 Application/SuperFast HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe not found.
File/Folder 02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe not found.
File/Folder 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/] not found.
File/Folder 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/] not found.
File/Folder 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/] not found.
File/Folder 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/] not found.
File/Folder 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[advancedcleaner.com/] not found.
File/Folder 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/] not found.
File/Folder 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.advancedcleaner.com/] not found.
File/Folder ;===============================================================================
=================================================================================
=================== not found.
File/Folder SUSPECTS not found.
File/Folder Location not found.
File/Folder ;===============================================================================
=================================================================================
=================== not found.
File/Folder ;===============================================================================
=================================================================================
=================== not found.

OTMoveIt2 v1.0.20 log created on 02222008_011253



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:13 AM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\OTMoveIt2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon........&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: [email protected] 5.03.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.1.99.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10366 bytes



Do u ever sleep?
  • 0

#27
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

Do u ever sleep?

Not enough :)

Clean your Cache and Cookies in Firefox :
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
  • Alternatively, you can clear all information stored while browsing by clicking Clear All.
  • A confirmation dialog box will be shown before clearing the information.

* Clean your Cache and Cookies in Internet Explorer

* Go to Tools > Internet Options.
* Click delete cookies in the menu.
* Click ok at the prompt.
* Then click delete files.
* Then place a check mark in the box that appears that says delete all offline content.
* Then click ok.
===========================================================
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
=================
After that Your log is clean. :)

Let me know if you feel that it is resolved?
  • 0

#28
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

So everything seems to be ok. I ran Ad-aware and got 121 tracking cookies. I didn't use the internet at all between the previous scan and the the last. I was wonder if this new flare up was hiding or did i contract it after the 19th. I tried to use a system restore before i opened the post agine, but to no avail it didn't work. Is there something behind that? Also why didn't ZoneAlarm protect me? All this is very weird and just wondering if i sould re-format. If there is something still infected and it might be in some of my files i would like to back up?

Sent via pm.
  • 0

#29
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Tracking cookies will always be present and yes it is possible that you had them left over.
Sometimes ATF doesn't get all of them.\
I see no need to reformat.

Just to double check:

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#30
dirtyendz

dirtyendz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
ComboFix 08-02-22.3 - Administrator 2008-02-22 17:56:16.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.456 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-21 19:42 . 2008-02-21 19:42 <DIR> d-------- C:\Program Files\Panda Security
2008-02-21 19:24 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-21 19:24 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-21 19:24 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-21 19:24 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-21 19:24 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-21 19:24 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-21 19:24 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-21 17:37 . 2008-02-21 17:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-21 17:37 . 2008-02-21 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-21 17:37 . 2008-02-21 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-02-21 11:57 . 2008-02-21 11:57 0 --a------ C:\~GLHTTP1.TMP
2008-02-21 11:50 . 2008-02-21 11:50 <DIR> d-------- C:\Program Files\Zone Labs(5)
2008-02-21 11:44 . 2008-02-21 11:44 <DIR> d-------- C:\Program Files\Zone Labs(4)
2008-02-21 11:23 . 2008-02-21 11:23 <DIR> d-------- C:\Program Files\Zone Labs(3)
2008-02-18 10:18 . 2008-02-22 18:00 1,720,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-18 10:18 . 2008-02-22 01:48 20,228 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-18 10:15 . 2008-02-18 10:15 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-18 10:15 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-18 10:15 . 2008-02-22 01:49 353,366 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-17 23:09 . 2008-02-17 23:09 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-02-17 23:05 . 2008-02-17 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-17 23:05 . 2008-02-18 10:17 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-17 23:04 . 2008-02-21 11:50 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-17 23:04 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-17 23:02 . 2008-02-18 09:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-17 23:01 . 2008-02-17 23:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-17 23:01 . 2008-02-21 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-17 22:46 . 2008-02-17 22:46 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-17 09:16 . 2008-02-17 09:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 08:38 . 2008-02-17 09:25 13,298 --a------ C:\WINDOWS\BM970cc1f8.xml
2008-02-16 20:29 . 2008-02-16 21:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-16 20:29 . 2008-02-16 21:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-16 18:25 . 2008-02-21 16:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 18:25 . 2008-02-16 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 18:25 . 2008-02-16 18:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-16 17:12 . 2008-02-21 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-16 17:12 . 2008-02-16 17:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-16 17:12 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-16 16:17 . 2008-02-16 16:17 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-02-16 15:31 . 2008-02-16 15:31 0 --a------ C:\eied_s7_c_99sp2.exe
2008-02-16 14:58 . 2008-02-16 14:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-16 14:58 . 2008-02-16 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 11:52 . 2008-02-16 16:29 90,112 --a------ C:\WINDOWS\UpdReg.EXE
2008-02-14 15:20 . 2008-02-14 15:20 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-02-14 00:50 . 2008-02-14 00:50 <DIR> dr------- C:\Documents and Settings\Administrator\Application Data\Brother
2008-02-12 09:44 . 2008-02-13 15:17 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-12 09:44 . 2008-02-12 10:28 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-12 09:44 . 2008-02-13 15:17 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-11 16:43 . 2008-02-11 16:43 <DIR> d-------- C:\Program Files\Disney
2008-02-10 13:29 . 2008-02-21 19:42 2,021 --a------ C:\WINDOWS\mozver.dat
2008-02-09 15:31 . 2008-02-20 23:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 15:31 . 2008-02-09 15:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-06 18:19 . 2008-02-06 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-02-06 18:00 . 2008-02-06 18:00 <DIR> d-------- C:\Program Files\Build-a-lot
2008-02-04 18:40 . 2008-02-04 18:40 <DIR> d-------- C:\Program Files\Ventrilo
2008-02-04 18:40 . 2008-02-16 18:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 11:03 . 2008-02-17 10:33 <DIR> d-------- C:\Program Files\QuickTime
2008-02-03 04:23 . 2008-02-16 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-03 04:23 . 2008-02-03 04:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-03 04:22 . 2008-02-17 11:32 <DIR> d-------- C:\Program Files\AIM6
2008-02-02 10:05 . 2008-02-02 10:05 <DIR> d-------- C:\Program Files\MySpace
2008-02-02 10:05 . 2008-02-02 10:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 01:40 --------- d-----w C:\Program Files\Steam
2008-02-22 17:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Xfire
2008-02-21 20:13 --------- d-----w C:\Program Files\[email protected]
2008-02-21 15:24 12,864 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-02-20 18:26 1,353,216 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-19 06:08 75,456 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-02-18 03:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 03:17 --------- d-----w C:\Program Files\CyberLink
2008-02-18 03:04 --------- d-----w C:\Program Files\Creative
2008-02-17 19:32 --------- d-----w C:\Program Files\MSN Messenger
2008-02-17 19:32 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-02-17 19:32 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-17 07:32 --------- d-s---w C:\Program Files\Xfire
2008-02-17 07:09 --------- d-----w C:\Program Files\Google
2008-02-17 02:18 --------- d-----w C:\Program Files\DIGStream
2008-02-16 23:07 --------- d-----w C:\Program Files\Common Files\Real
2008-02-16 23:05 --------- d-----w C:\Program Files\FileTreePrinter
2008-02-16 22:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-02-16 22:45 --------- d-----w C:\Program Files\Common Files\Motive
2008-02-14 06:52 --------- d-----w C:\Program Files\ELECTRONIC ARTS
2008-02-12 17:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-04 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-04 19:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Cyberlink
2008-02-03 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-30 21:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-30 21:07 --------- d-----w C:\Program Files\RealArcade
2008-01-25 06:58 --------- d-----w C:\Program Files\BFG
2008-01-21 06:45 --------- d-----w C:\Program Files\Eagletron
2008-01-21 06:44 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 00:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-06-16 06:14 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-01-29 14:32 2,288 -c--a-w C:\Program Files\agerage.nfo
2005-04-28 14:54 2,343 -c--a-w C:\Program Files\cheat-db.com.txt
2005-04-22 15:16 437 -c--a-w C:\Program Files\ict-shadow.ini
2005-04-22 15:07 3,506 -c--a-w C:\Program Files\readme.txt
2005-02-25 01:19 42,478 -c--a-w C:\Program Files\rage.ict
2004-06-10 14:23 160,256 -c--a-w C:\Program Files\fmod.dll
2003-02-17 00:08 75 -c--a-w C:\Program Files\Cheat-Db.com.url
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-17 23:09 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{BA52B914-B692-46C4-B683-905236F6F655}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-17 23:09 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-02-16 16:29 147456]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-02-16 15:56 5674352]
"Steam"="c:\program files\steam\steam.exe" [2008-02-16 16:29 1266936]
"SB Audigy 2 Startup Menu"=" /L:ENG" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2008-02-16 15:45 4662776]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-16 15:45 8720384]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2008-02-16 15:44 258048]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-02-16 15:45 50528]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 09:56 64512]
"AsioReg"="REGSVR32.exe" [2004-08-10 03:00 11776 C:\WINDOWS\system32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-02-16 16:29 90112]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 09:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 17:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 17:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 17:43 86016]
"CTHelper"="CTHELPER.EXE" [2003-02-20 14:45 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-02-17 09:23 157592]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2008-02-16 15:56 212992]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
[email protected] 5.03.lnk - C:\Program Files\[email protected]\winFAH.exe [2007-07-18 14:09:51 323584]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2007-08-06 10:26:02 2713936]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 18:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 21:01:04 83360]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-17 14:36:43 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;C:\WINDOWS\system32\DRIVERS\atinewp2.sys [2004-07-27 18:43]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 17:15]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 01:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 00:28]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 08:11]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 18:00:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-22 18:01:44
.
2008-02-18 07:02:42 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:22 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon........&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: [email protected] 5.03.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.1.99.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10302 bytes
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP