Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PSW.OnlineGames.AJVH [RESOLVED]


  • This topic is locked This topic is locked

#1
anazopyreo

anazopyreo

    Member

  • Member
  • PipPipPip
  • 127 posts
My AVG found 2 instances of PSW.OnlineGames.AJVH. It said it healed 1 of them but it didn't. Also it only finds it when I scan in normal mode, ot in safe mode. No other scanner I have run even sees it. How do I get rid of it?

"General properties";""
"Report name";"Detailed Complete Test"
"Start time";"4/10/2008 3:10:04 AM"
"End time";"4/10/2008 6:35:43 AM (total: 3:25:38.5 hrs)"
"Launch method";"Scanning launched by scheduler"
"Scanning result";"Threats found"
"Report status";"Scanning completed successfully"
" ";""
"Object summary";""
"Scanned";"453245"
"Threats Found";"1"
"Cleaned";"0"
"Moved to vault";"0"
"Deleted";"0"
"Errors";"0"
"C:\WINDOWS\system32\kernel32.dll";"Change";"Changed"
"C:\WINDOWS\system32\shell32.dll";"Change";"Changed"
"C:\WINDOWS\system32\drivers\etc\hosts";"Change";"Changed"
"C:\pagefile.sys";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar2.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar1.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar2.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShield.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride1.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\HP_Administrator\NTUSER.DAT";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-30-2007 - 16-48-53.SBU";"Contains password-protected files";"Archive"
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{62D2FE30-78C3-4AD2-B4FE-328C4C4D2B31}";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\LocalService\NTUSER.DAT";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\LocalService\ntuser.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\NetworkService\ntuser.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Program Files\BOINC\slots\1\boinc_lockfile";"Cannot open; not checked!";"Not scanned"
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask";"Contains password-protected files";"Archive"
"C:\Program Files\Microsoft Works\1033\Wizards\invwius.wwd";"Found some macros";"Scanned"
"C:\temp\HP_WebRelease\Setup\copy\Copy.cab:\HpQCopy.dll14.AEC15260_A444_440E_9621_BC683B6AC303";"Trojan horse PSW.OnlineGames.AJVH";"Infected, Embedded object"
"C:\temp\HP_WebRelease\Setup\copy\Copy.cab";"Trojan horse PSW.OnlineGames.AJVH";"Infected, Archive"
"C:\WINDOWS\system32\CatRoot2\edb.log";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\CatRoot2\tmp.edb";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\default";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\default.LOG";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\SAM";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\SAM.LOG";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\SECURITY";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\SECURITY.LOG";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\software";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\software.LOG";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\system";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\system.LOG";"Cannot open; not checked!";"Not scanned"
"D:\I386\Apps\APP32227\src\MSWORKS\PFILES\MSWORKS\1033\WIZARDS\INVWIUS.WWD";"Found some macros";"Scanned"
"D:\I386\Apps\APP32227\src\MSWORKS\PFILES\MSWORKS\1033\WIZARDS\INVWIZ.WWD";"Found some macros";"Scanned"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:15 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\BOINC\projects\qah.uni-muenster.de\Amolqc-preRC1_5.01_windows_intelx86.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VirtualDrive] C:\Program Files\FarStone\VirtualDrive\vdtask.exe /AutoRestore /Silence
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Start Smileycons - {C64A8F17-F16A-4a35-9618-B3A250D9EF2B} - C:\Program Files\Smileycons\smileycons.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start Smileycons - {C64A8F17-F16A-4a35-9618-B3A250D9EF2B} - C:\Program Files\Smileycons\smileycons.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinn...mines/mines.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - file:///E:/win/setup/iaieplay.dll
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinn...ut/brickout.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinn...gsaw/jigsaw.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinn...luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinn...ty/tilecity.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinn...royal/royal.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinn...es/wwspades.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 13865 bytes


Incident Status Location

Potentially unwanted tool:application/need2find No disinfected HKEY_CURRENT_USER\SOFTWARE\NEED2FIND
Spyware:Cookie/Atwola Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Serving-sys Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.com.com/]
Spyware:Cookie/Go Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.go.com/]
Spyware:Cookie/RealMedia Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Target Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.target.com/]
Spyware:Cookie/Yadro Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Advertising Disinfected C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\k6fixzyk.default\cookies.txt[]
Spyware:Cookie/PointRoll Disinfected C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp Disinfected C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Disinfected C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
Spyware:Cookie/Enhance Disinfected C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Disinfected C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
Spyware:Cookie/Go Disinfected C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
Spyware:Cookie/Target Disinfected C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Disinfected C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
Spyware:Cookie/BurstBeacon Disinfected C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/KillApp.B No disinfected C:\hp\bin\KillIt.exe
Spyware:Cookie/Com.com No disinfected C:\Program Files\support.com\backup\Co\cookies.txt\84453_553b92812_[]
Spyware:Cookie/Com.com No disinfected C:\Program Files\support.com\backup\Co\cookies.txt\92785_59dc0eb63_[]
Spyware:Cookie/RealMedia No disinfected C:\Program Files\support.com\backup\Co\cookiesnew.txt\27901_5c432c19a_[]
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
See if this helps...

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_CURRENT_USER\SOFTWARE\NEED2FIND]


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.


Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

  • 0

#3
anazopyreo

anazopyreo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Thanks. I had already gotten rid of it some how (honestly don't know how), but since I recognize the Need2Find I followed these steps anyway.
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No problem. Glad you got the issue resolved.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.
  • 0

#5
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP