Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

antispyware and adserver problem


  • Please log in to reply

#1
jpscomm2k7

jpscomm2k7

    New Member

  • Member
  • Pip
  • 1 posts
Can anyone help? I tried to remove this antispyware and used every antispyware i could think of like hitman pro but it seems when i reboot it comes back i have two running antiviruses simultaneously i got avast pro and nod32 running at the same time and still this spyware did managed to infect my pc here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:03 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\Program Files\Common Files\Stardock\SDMCP.exe
D:\Program Files\window blinds\wbload.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Eyemail Technology Inc\CameraServer.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\Program Files\Eset\nod32krn.exe
D:\Documents and Settings\All Users\Application Data\qfivutkp\ubgtcdqt.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
D:\WINDOWS\VM303_STI.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\VM_STI.EXE
D:\Program Files\Google\Google Talk\googletalk.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
D:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\TweakRAM\TweakRAM.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Auto Off\Auto Off.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\MySpace\IM\MySpaceIM.exe
D:\WINDOWS\system32\ofsnmlat.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
D:\Program Files\MSI\DigiCell\DigiCell.exe
D:\Program Files\MSI\SecureDoc\Logon.exe
D:\Program Files\Common Files\Sonic Shared\cinetray.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\MSI\Core Center\CoreCenter.exe
D:\Program Files\Metacafe\MetacafeAgent.exe
D:\Program Files\Dachshund Software\Hare\Hare.exe
D:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
D:\Documents and Settings\poch\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\poch.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tapgsm.com.ph
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0AB40134-0909-4FAE-9F8A-8ADECCAA3335} - D:\WINDOWS\system32\dpwsoc.dll (file missing)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Browzu_IELDR Class - {15256C66-A8BE-4428-B2F8-3F7B746D4D05} - D:\Program Files\Vazu\Browzu_ie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - D:\PROGRA~1\Rapidown\rapi310.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - D:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - D:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O3 - Toolbar: Vazu Mobile Toolbar - {D772C84A-0605-4025-8103-40305D6C47B7} - D:\Program Files\Vazu\VazuMobileBar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Modem Booster] D:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
O4 - HKLM\..\Run: [BigDog303] D:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "D:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [find trust seek mail] D:\Documents and Settings\All Users\Application Data\Defy Memo Find Trust\Link Mode.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [TweakRAM] D:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AutoOff] D:\Program Files\Auto Off\Auto Off.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Vazu] D:\Program Files\Vazu\vazucentral.exe -hid
O4 - HKCU\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Camfrog] "D:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 D:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [32 Mapi] D:\DOCUME~1\poch\APPLIC~1\INTERN~2\Meta Bold Extra.exe
O4 - HKCU\..\Run: [oormvbyn] D:\WINDOWS\system32\ofsnmlat.exe
O4 - HKCU\..\Run: [ymwlagdh] D:\WINDOWS\system32\krunadqb.exe
O4 - HKCU\..\Run: [tbeluyru] D:\WINDOWS\system32\vcvgtubs.exe
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [KeauxafYSB] D:\Documents and Settings\All Users\Application Data\qfivutkp\ubgtcdqt.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MetaCafe.lnk = D:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Hare.lnk = D:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Rapidown.lnk = D:\Program Files\Rapidown\rapidown.exe
O4 - Startup: Alienware Dock.lnk = D:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: DigiCell.lnk = D:\Program Files\MSI\DigiCell\DigiCell.exe
O4 - Global Startup: SecureDoc.lnk = D:\Program Files\MSI\SecureDoc\Logon.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: CoreCenter.lnk = D:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Metacafe.lnk = D:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &Download all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Baixar com o Rapidown... - D:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - D:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Vazu: Send &this image to my phone - D:\Program Files\Vazu\sendtext.htm
O8 - Extra context menu item: Vazu: Send &this text to my phone - D:\Program Files\Vazu\sendtext.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - D:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - D:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Vazu Mobile - {9F618E2B-154A-493e-8F8F-453252B8EDAF} - D:\Program Files\Vazu\VazuMobileBar.dll
O9 - Extra 'Tools' menuitem: Vazu Mobile Toolbar - {9F618E2B-154A-493e-8F8F-453252B8EDAF} - D:\Program Files\Vazu\VazuMobileBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CameraServer - Unknown owner - D:\Program Files\Eyemail Technology Inc\CameraServer.exe
O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - D:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 15930 bytes


mbam logs.... :

Malwarebytes' Anti-Malware 1.09
Database version: 573

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 427022
Time elapsed: 4 hour(s), 16 minute(s), 18 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 42

Memory Processes Infected:
d:\program files\the weather channel fw\desktop weather\desktopweather.exe (Adware.Hotbar) -> No action taken.

Memory Modules Infected:
d:\program files\the weather channel fw\framework\wxfw.dll (Adware.Hotbar) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\the weather channel desktop (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DW4 (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{c49dd894-c6de-4910-8c41-ba20f852d8bc} (Adware.IE.Toolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
D:\Program Files\The Weather Channel FW (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework (Adware.Hotbar) -> No action taken.
D:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather (Adware.Hotbar) -> No action taken.

Files Infected:
d:\program files\the weather channel fw\desktop weather\desktopweather.exe (Adware.Hotbar) -> No action taken.
d:\program files\the weather channel fw\framework\wxfw.dll (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.EXE (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\eula.html (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\uninstall.bat (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.INI (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\INSTALL.LOG (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\UNWISE.INI (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\INSTALL.LOG (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\UNWISE.EXE (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\uninstall.bat (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\wxfw.cpl (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSetup.exe (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\The Weather Channel Desktop.lnk (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Help.lnk (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Uninstall.lnk (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Settings.lnk (Adware.Hotbar) -> No action taken.
D:\WINDOWS\Casino Madness 2002 Demo Setup Log.txt (Malware.Trace) -> No action taken.
D:\Documents and Settings\poch\Desktop\The Weather Channel Desktop.lnk (Rogue.Link) -> No action taken.

thanks ....
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP