
trojan vundo virus [RESOLVED]



#1 dt_truck11 (Member, 47 posts)
When I recently did a virus scan, it came back saying that it had found a Trojan Vundo virus and that it had been taken care of, but I had this problem earlier and it kept coming back, so if someone could look into this for me that would be great.

I'm using Windows XP with Norton AntiVirus and also SpywareBlaster.

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:45 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wissports.net/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129575632154
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9910 bytes
#2 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Hi dt_truck11

Sorry to keep you waiting. Let's do a deeper scan of your machine for me to analyse.

(If your problem has already been resolved, could you just let me know, so that I can move on to other logs to help others? Thanks.)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

You may need to post the logs over 2 replies to ensure all the information is posted.

andrewuk
#3 dt_truck11 (Topic Starter, Member, 47 posts)
Only the main.txt came up.

Deckard's System Scanner v20071014.68
Run by Dustin on 2008-03-25 15:42:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dustin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:33 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\Dustin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dustin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wissports.net/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129575632154
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9693 bytes

-- Files created between 2008-02-25 and 2008-03-25 -----------------------------

2008-03-22 14:50:14 0 d-------- C:\Program Files\Trend Micro
2008-02-27 12:34:14 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-27 12:33:49 0 d-------- C:\Program Files\Windows Live
2008-02-27 12:33:30 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller


-- Find3M Report ---------------------------------------------------------------

2008-03-21 03:15:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-04 18:11:00 0 d-------- C:\Program Files\LimeWire
2008-03-01 18:19:56 0 d-------- C:\Documents and Settings\Dustin\Application Data\Adobe
2008-02-27 12:34:14 0 d-------- C:\Program Files\Common Files
2008-02-23 21:19:19 0 d-------- C:\Program Files\iTunes
2008-02-23 21:19:01 0 d-------- C:\Program Files\iPod
2008-02-23 21:16:19 0 d-------- C:\Program Files\QuickTime
2008-02-23 19:24:06 0 d-------- C:\Program Files\Yahoo!
2008-02-23 19:23:26 0 d-------- C:\Documents and Settings\Dustin\Application Data\Yahoo!
2008-02-18 00:34:32 0 d-------- C:\Program Files\SpywareBlaster
2008-01-29 18:09:54 0 d-------- C:\Program Files\mfk


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [07/20/2005 09:07 PM]
"nwiz"="nwiz.exe" [07/20/2005 09:07 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [07/20/2005 09:07 PM]
"SoundMan"="SOUNDMAN.EXE" [03/24/2005 09:20 PM C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [01/14/2007 02:11 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 06:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/12/2007 12:43:37 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [10/17/2005 3:37:39 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-03-25 15:43:04 ------------
#4 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
You have an ActiveX component from this site: http://apps.corel.com. Do you recognise the site?

Otherwise your logs look pretty good. Are you getting any popups or the like, or any other issues with your machine?

We will do some scans to see what we can find lurking on your machine, and we will clear away some orphaned registry entries.

The scans will likely take 2 hours, quite possibly much longer, so just let them run.

====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


====STEP 2====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser: click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser: click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 3====
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


====STEP 4====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


====STEP 5====
Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report


In your next reply could I see:
1. the answers to the questions above
2. the Malwarebytes log
3. the SUPERAntiSpyware log
4. the TotalScan log
5. a new HijackThis log

There will be a lot of information to post in the next reply, therefore you may need to post the information over more than one reply to ensure it is all posted.

andrewuk
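The two things the helper acts on in the post above, orphaned O2 BHO entries whose DLL is gone ("(no file)") and an O16 ActiveX download from a site the user does not recognise, can be picked out of a HijackThis log mechanically. The following is an added example written for this thread; it is not a tool from the forum, from Trend Micro or from andrewuk. The allowlist of download hosts is an assumption a reviewer would maintain, the sample lines are constructed to look like the logs posted here, and the full O16 URL paths are assumed because the board truncated them in the posts.

```python
"""Triage helper for HijackThis (HJT) logs such as the ones posted in this thread.

Added example, not a tool from the forum, from Trend Micro or from the helper.
It flags O2 BHO entries whose DLL is missing ("(no file)", an orphaned registry
entry) and O16 ActiveX downloads (DPF) fetched from hosts a reviewer has not
vetted. The allowlist and the sample log lines are constructed.
"""
import re
from urllib.parse import urlparse

# "R0 - ..." / "O2 - ..." prefix shared by every HJT finding line.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O2 body: "BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_LINE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O16 body: "DPF: {CLSID} (<class name>) - <download URL or local path>"
DPF_LINE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.*?)\) - (?P<source>.*)$")

# Assumed reviewer-maintained allowlist of hosts known to serve legitimate
# ActiveX installers; extend it to match your own environment.
KNOWN_DOWNLOAD_HOSTS = frozenset({"go.microsoft.com", "update.microsoft.com"})

# Constructed sample modelled on the thread's logs. The board truncated the
# O16 URLs in the posts ("http://apps.corel.co...IEGetPlugin.ocx"), so the
# full paths below are assumptions, not values from the original log.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/ASSUMED-PATH/?linkid=39204",
    r"O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/ASSUMED-PATH/IEGetPlugin.ocx",
    r"O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll",
    r"O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe",
])


def parse_hjt(text):
    """Return (section, body) pairs for every finding line; process lists etc. are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def orphaned_bhos(entries):
    """CLSIDs of O2 entries whose DLL no longer exists but whose registration remains."""
    found = []
    for section, body in entries:
        if section != "O2":
            continue
        m = BHO_LINE.match(body)
        if m and m.group("path") == "(no file)":
            found.append(m.group("clsid"))
    return found


def unlisted_dpf_hosts(entries, allowlist):
    """(host, class name) for O16 entries downloaded from a host not on the allowlist."""
    flagged = []
    for section, body in entries:
        if section != "O16":
            continue
        m = DPF_LINE.match(body)
        if not m:
            continue
        source = m.group("source")
        if not source.lower().startswith(("http://", "https://")):
            continue  # local DLL/OCX path, not a remote download
        host = (urlparse(source).hostname or "").lower()
        if host not in allowlist:
            flagged.append((host, m.group("name")))
    return flagged


def triage(text, allowlist=KNOWN_DOWNLOAD_HOSTS):
    """Run both checks over a raw HJT log and return the findings for review."""
    entries = parse_hjt(text)
    return {
        "orphaned_bhos": orphaned_bhos(entries),
        "unlisted_dpf": unlisted_dpf_hosts(entries, allowlist),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Flagged items are candidates for a human to look at, not verdicts: an orphaned BHO is harmless by itself and is removed to tidy the registry, and an unlisted download host (here apps.corel.com) is simply one the reviewer has not yet vetted, which is exactly the question andrewuk puts to the user.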

#5 dt_truck11 (Topic Starter, Member, 47 posts)
No, I have never heard of it before. Nor am I getting popups or any problems with my machine.

HJT Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:52 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wissports.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129575632154
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9790 bytes


MalwareBytes Log

Malwarebytes' Anti-Malware 1.09
Database version: 545

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 141967
Time elapsed: 46 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Fonts\a.zip (Trojan.Downloader) -> Quarantined and deleted successfully.

#6 dt_truck11 (Topic Starter, Member, 47 posts)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/26/2008 at 06:04 PM

Application Version : 4.0.1154

Core Rules Database Version : 3425
Trace Rules Database Version: 1417

Scan type : Complete Scan
Total Scan Time : 01:53:38

Memory items scanned : 468
Memory threats detected : 0
Registry items scanned : 4990
Registry threats detected : 0
File items scanned : 106756
File threats detected : 260

Adware.Tracking Cookie

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\KLKKJ.INI

#7 dt_truck11 (Topic Starter, Member, 47 posts)
I have also noticed that now, when I'm on a select group of sites, not all of the page displays, or it is all jumbled up. Like on the Geeks to Go forums, it's a white background.

#8 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Just the total scan to go.

To solve the internet site issue, try clearing your Firefox cache:

To clear the cache, go to Tools > Options.
Go to the Advanced category, and then click on the Network tab.
Under Cache, click the Clear Now button.
Click OK.

andrewuk

#9 dt_truck11 (Topic Starter, Member, 47 posts)
Oops, I'm sorry.

;*******************************************************************************
ANALYSIS: 2008-03-28 19:47:21
PROTECTIONS: 1
MALWARE: 49
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Norton AntiVirus 2007 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00065327 adware/coolsavings Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/cpnmgr.dll
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Days\Cookies\days@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\8s9hm2x9.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\8s9hm2x9.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\8s9hm2x9.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\8s9hm2x9.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\8s9hm2x9.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\8s9hm2x9.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\8s9hm2x9.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Days\Cookies\days@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\8s9hm2x9.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Days\Cookies\days@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\8s9hm2x9.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\8s9hm2x9.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Days\Cookies\days@atdmt[1].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Days\Cookies\days@tradedoubler[1].txt
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Days\Cookies\days@bfast[1].txt
00516819 JS/Downloader.NOE Virus/Trojan No 0 Yes No C:\Documents and Settings\Days\Application Data\Sun\Java\Deployment\cache\6.0\2\75460282-2c5cecdd[Dex.class]
00516820 JS/Downloader.NOE Virus/Trojan No 0 Yes No C:\Documents and Settings\Days\Application Data\Sun\Java\Deployment\cache\6.0\2\75460282-2c5cecdd[Dvnny.class]
00517584 Application/SuperFast HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\8s9hm2x9.default\cookies.txt[.adserver.easyad.info/]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
;===============================================================================
SUSPECTS
Location
;===============================================================================

#10
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
Hi dt_truck11

The Malwarebytes scan and the SUPERAntiSpyware scan picked up just cookies and cleared remnants of prior infections. The TotalScan picked up infections that are already safely quarantined and only one Registry entry to clear, which we will do now, and also a couple of infections in the Java cache, which we will clear.

We will also clear that ActiveX object; if it is legit then it will be downloaded when you next visit the site.


====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



====STEP 2====
Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are two or three options in the window to clear the cache - Leave ALL Checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

====STEP 3====
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
    hkey_local_machine\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/cpnmgr.dll
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


In your next reply could I see:
1. the OTMoveIt log
2. a new HijackThis log

andrewuk
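andrewuk's triage above sorts the TotalScan rows into cookies, Java-cache hits and items that need a human look. The following is an added example (not code from the thread or from any of the tools named in it) that does the same sorting programmatically, using the column layout of the rows quoted in the thread; the five sample rows are constructed, and no meaning is assumed for the four unlabelled status columns.

```python
import re
from collections import Counter

# Constructed sample rows in the column layout of the TotalScan export quoted
# in the thread: 8-digit ID, detection name, category, four status columns
# (kept raw, since the export does not label them), then the file path.
SAMPLE_LOG = r"""
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Days\Cookies\days@ad.yieldmanager[1].txt
00167795 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\Dawn\Cookies\dawn@cdfreaks[2].txt
00516819 JS/Downloader.NOE Virus/Trojan No 0 Yes No C:\Documents and Settings\Days\Application Data\Sun\Java\Deployment\cache\6.0\2\75460282-2c5cecdd[Dex.class]
00517584 Application/SuperFast HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
"""

# The detection name may itself contain spaces ("Cookie/Cd Freaks"), so the
# name is matched lazily and the row is anchored on the rigid status columns.
ROW_RE = re.compile(
    r"^(?P<id>\d{8}) "
    r"(?P<name>.+?) "
    r"(?P<category>\S+) "
    r"(?P<flags>(?:Yes|No) \d+ (?:Yes|No) (?:Yes|No)) "
    r"(?P<path>.+)$"
)

# Java applet / Web Start cache, the location the helper clears wholesale.
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


def parse_log(text):
    """Return one dict per well-formed row; lines that do not fit the layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def summarize(rows):
    """Count detections per category, e.g. to see that most hits are cookies."""
    return Counter(r["category"] for r in rows)


def triage(rows):
    """Bucket detections the way the helper did in post #10:
    tracking cookies are low-risk noise, anything in the Java deployment
    cache goes with clearing that cache, and everything else is listed for
    manual review rather than acted on automatically."""
    buckets = {"tracking_cookies": [], "java_cache": [], "review": []}
    for r in rows:
        if r["category"] == "TrackingCookie":
            buckets["tracking_cookies"].append(r["path"])
        elif JAVA_CACHE_MARKER in r["path"].lower():
            buckets["java_cache"].append(r["path"])
        else:
            buckets["review"].append((r["name"], r["path"]))
    return buckets


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for bucket, items in triage(parsed).items():
        print(f"{bucket}: {len(items)}")
        if bucket == "review":
            for name, path in items:
                print("   ", name, path)
```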
#11
dt_truck11
    Member
  • Topic Starter
  • 47 posts
When I click "move it" an error pops up saying "Invalid Time Flag! [cpmgr.dll] Must be numerical."

#12
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
Hmm... yes, I can see the problem. We will have to go the slightly longer, but more exciting, route.

To do this we will first back up your Registry (better safe than sorry).

====STEP 1====
Go to Start > Run
Type: regedit
Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch. <= important!
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.


====STEP 2====
Registry Modifications

Next, let's remove the unwanted items.

Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
Please copy the contents of the code box below into the notepad. To do this highlight the contents of the box and right click on it.

Save it to your desktop as fixit.reg (filetype = any)

REGEDIT4

[-hkey_local_machine\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/cpnmgr.dll]

NOTICE: This file was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

And can I see a new HijackThis log please.

andrewuk
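The fixit.reg above is a two-line script: a REGEDIT4 header and one `[-key]` directive that deletes the ModuleUsage key for cpnmgr.dll. As an added example (not code from the thread or from regedit), here is a small parser for that file format that checks the header regedit requires, separates key deletions from key creations, and flags deletions that reach too high up the hive; the fixit.reg text is the one from post #12, and the second test input is constructed.

```python
import re

# The fix file from post #12 (REGEDIT4 header, one key-deletion directive),
# embedded here as input.
FIXIT_REG = """\
REGEDIT4

[-hkey_local_machine\\software\\microsoft\\windows\\currentversion\\moduleusage\\c:/windows/downloaded program files/cpnmgr.dll]
"""

# regedit refuses to import a script that does not begin with one of these.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
# A leading '-' inside the brackets turns "create this key" into "delete this key".
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<path>[^\]]+)\]$")


def header_ok(text):
    """True when the first line is a header regedit accepts."""
    first = text.lstrip("\ufeff").splitlines()[:1]
    return bool(first) and first[0].strip() in HEADERS


def parse_reg(text):
    """Parse a .reg script into a list of key operations.

    Each operation records whether the key is created or deleted, the root
    hive, the subkey components and any value lines under it. Version 5.00
    files are normally UTF-16LE on disk; decode them before calling.
    """
    if not header_ok(text):
        raise ValueError("missing REGEDIT4 / 'Windows Registry Editor Version 5.00' header")
    ops, current = [], None
    for raw in text.splitlines()[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            # Split on backslash only. Forward slashes are ordinary characters in
            # a key name, which is why the ModuleUsage key for cpnmgr.dll is one
            # component: "c:/windows/downloaded program files/cpnmgr.dll".
            parts = m.group("path").split("\\")
            root = parts[0].upper()
            if root not in ROOTS:
                raise ValueError(f"unknown root hive in {line!r}")
            current = {"action": "delete_key" if m.group("delete") else "create_key",
                       "root": root, "subkey": parts[1:], "values": []}
            ops.append(current)
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            # "name"=- deletes a value; anything else sets it.
            current["values"].append(
                (name.strip('"'), "delete_value" if data == "-" else data))
        else:
            raise ValueError(f"unparseable line {line!r}")
    return ops


def too_broad(ops, min_depth=3):
    """List key deletions fewer than min_depth components below the hive,
    a cheap guard against a script like [-HKEY_LOCAL_MACHINE\\SOFTWARE]."""
    return ["\\".join([op["root"], *op["subkey"]])
            for op in ops
            if op["action"] == "delete_key" and len(op["subkey"]) < min_depth]


if __name__ == "__main__":
    ops = parse_reg(FIXIT_REG)
    for op in ops:
        print(op["action"], op["root"], "\\".join(op["subkey"]))
    print("too broad:", too_broad(ops))
```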

#13
dt_truck11
    Member
  • Topic Starter
  • 47 posts
When I go to open the registry file it asks me to choose which prog I want to use to open the file. I chose Notepad and then it just opened, with no pop-up asking to merge.

#14
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
OK, so you copied the text into a Notepad and saved the Notepad to your desktop as fixit.reg with filetype as any?

And the icon on your desktop now looks like a .reg file?

And then you double-clicked on the fixit.reg icon on your desktop?

Try right-clicking on the fixit.reg icon and selecting Merge, which should be the top option in the menu that appears when you right click on the icon.

You will get a prompt confirming whether you want to merge; click Yes.

#15
dt_truck11
    Member
  • Topic Starter
  • 47 posts
Ya, I saved it as a registry file and with any type of file, and it looks like a reg file too. Even when I right click on them and click Merge it still asks me to choose a prog to open it.