
trojan found [RESOLVED]


#1
rodfree

Hello,

I found this infected file today. Computer is running fine now. Any need to dig deeper?

Malwarebytes' Anti-Malware 1.20
Database version: 965
Windows 5.1.2600 Service Pack 3

6:19:04 PM 7/18/2008
mbam-log-7-18-2008 (18-19-04).txt

Scan type: Quick Scan
Objects scanned: 50273
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\unagiuninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Computer ran slow coming out of standby. Scan produced these results. Rebooted, then let system go into standby. Everything's fine for now. Updated iTunes. That's it. Should I expect this infection now that I have dealt with past viruses? Will be gone for a few days. Will post back on my return.


#2
greyknight17

    Malware Expert

We can run some additional scans just to confirm that everything is ok...

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

#3
rodfree

Hello,

I have been out of town until today. I will run the programs that you have suggested and will post back when I have the results.

#4
rodfree

Hello,

I have run the programs that you have suggested. Here are the results:

ComboFix 08-07-27.5 - Rodney 2008-07-27 21:00:57.5 - NTFSx86
Running from: C:\Documents and Settings\Rodney\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rodney\Application Data\macromedia\Flash Player\#SharedObjects\9HK8H77N\interclick.com
C:\Documents and Settings\Rodney\Application Data\macromedia\Flash Player\#SharedObjects\9HK8H77N\interclick.com\ud.sol
C:\Documents and Settings\Rodney\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Rodney\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.

2008-07-26 21:06 . 2008-07-26 21:06 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-26 21:06 . 2008-07-26 21:06 <DIR> d-------- C:\Program Files\Panda Security
2008-07-26 21:06 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
2008-07-13 19:05 . 2008-07-13 19:05 <DIR> d-------- C:\Program Files\Bonjour
2008-07-03 19:07 . 2008-07-03 19:07 <DIR> d-------- C:\_OTMoveIt
2008-07-02 22:13 . 2008-07-02 22:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-30 00:27 . 2005-10-19 08:59 163,840 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 03:39 --------- d-----w C:\Documents and Settings\Rodney\Application Data\OpenOffice.org2
2008-07-17 01:53 2,542 ----a-w C:\Documents and Settings\Rodney\Application Data\wklnhst.dat
2008-07-14 00:09 --------- d-----w C:\Program Files\iTunes
2008-07-14 00:08 --------- d-----w C:\Program Files\iPod
2008-07-13 23:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-13 23:54 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-12 13:07 --------- d-----w C:\Program Files\Java
2008-06-30 04:11 --------- d-----w C:\Program Files\Dell
2008-06-30 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-06-28 01:13 --------- d-----w C:\Program Files\Nstorm
2008-06-27 18:57 --------- d-----w C:\Program Files\PokerStars.NET
2008-06-21 22:46 --------- d-----w C:\Documents and Settings\Rodney\Application Data\Skinux
2008-06-21 22:37 --------- d-----w C:\Program Files\Common Files\Kodak
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 03:37 --------- d-----w C:\Program Files\QuickTime
2008-06-18 03:40 --------- d-----w C:\Program Files\Apple Software Update
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-31 02:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2007-05-28 13:51 401,296 ----a-w C:\Documents and Settings\Rodney\setup.exe
2007-05-28 13:51 401,296 ----a-w C:\Documents and Settings\Rodney\DellSupport_En.exe
2006-10-03 00:19 69,816 ----a-w C:\Documents and Settings\Rodney\Application Data\GDIPFONTCACHEV1.DAT
2004-12-07 14:13 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-12-07 14:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-12-07 14:13 69,832 ----a-w C:\Program Files\DSETUP.dll
2004-12-07 14:13 479,432 ----a-w C:\Program Files\dxsetup.exe
2004-12-07 14:13 3,578,547 ----a-w C:\Program Files\ManagedDX.CAB
2004-12-07 14:13 2,249,416 ----a-w C:\Program Files\dsetup32.dll
2004-12-07 14:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-12-07 14:13 13,265,040 ----a-r C:\Program Files\dxnt.cab
2004-12-07 14:13 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-12-07 13:47 20,717 ----a-w C:\Program Files\DirectX SDK EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 14:43 472632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 20:01 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupport-"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47 204800]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-04-20 13:24 53248]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-05 22:08 50688]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 18:19 79224]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 19:12 169984]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 07:15:28 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\SYSTEM32\\java.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MySpeed PC\\msclientpe.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 18:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 18:16]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
.
Contents of the 'Scheduled Tasks' folder

2008-06-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-06-21 C:\WINDOWS\Tasks\EasyShare Registration Task.job
- C:\WINDOWS\system32\rundll32.exe [2008-04-13 19:12]

2008-05-22 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
- C:\Program Files\RegistrySmart\RegistrySmart.exe []

2008-05-22 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
- C:\Program Files\RegistrySmart []

2008-07-28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{49F1735D-67E6-4491-A649-079D77F02D28}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 13:58]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
MSConfigStartUp-Sonic RecordNow! - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.msn.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O9 -: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O17 -: HKLM\CCS\Interface\{16B077D7-2574-4927-89C2-7D116C4E4710}: NameServer = 68.87.72.130,68.87.77.130

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
C:\WINDOWS\Downloaded Program Files\OSD22.OSD
C:\WINDOWS\Downloaded Program Files\vzTCPConfig.dll

O16 -: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
C:\WINDOWS\Downloaded Program Files\gtdownde_110.inf
C:\WINDOWS\system32\gtdownde_110.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 21:07:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-27 21:15:05
ComboFix-quarantined-files.txt 2008-07-28 02:15:01
ComboFix2.txt 2008-05-23 01:59:01

Pre-Run: 9,260,756,992 bytes free
Post-Run: 9,444,605,952 bytes free

186 --- E O F --- 2008-07-10 02:38:00




Here is the other post:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-27 12:58:02
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1201 [VPS 080726-1] 4.8.1201 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029339 adware/exact.funcade Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\exactadvertisingfuncade
00029339 adware/exact.funcade Adware No 0 Yes No c:\documents and settings\rodney\start menu\programs\funcade
00029339 adware/exact.funcade Adware No 0 Yes No c:\program files\funcade
00035722 adware/comet Adware No 0 Yes No c:\windows\inf\dm.pnf
00035722 adware/comet Adware No 0 Yes No c:\windows\inf\dm.inf
00035722 adware/comet Adware No 0 Yes No c:\windows\downloaded program files\dm.inf
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0011996.exe
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP56\A0011880.exe[SDFix\apps\Process.exe]
00249874 application/alfacleaner HackTools No 0 Yes No c:\documents and settings\rodney\application data\skinux
00520936 Application/ViewPoint HackTools Yes 0 Yes No C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
00520936 Application/ViewPoint HackTools No 0 Yes No C:\_OTMoveIt\MovedFiles\07032008_190754\Program Files\Viewpoint\Viewpoint Toolbar\del3F7.tmp\del3F8.tmp
01176994 Bck/VB.XB Virus/Trojan No 0 Yes No C:\327882R2FWJFW\NirCmdC.cfexe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP26\A0007854.exe[327882R2FWJFW\NirCmdC.cfexe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location x
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description x
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================

I hope that this is the information that you need.

#5
greyknight17

    Malware Expert

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

hkey_local_machine\software\microsoft\windows\currentversion\uninstall\exactadvertisingfuncade
c:\documents and settings\rodney\start menu\programs\funcade
c:\program files\funcade
c:\windows\inf\dm.pnf
c:\windows\inf\dm.inf
c:\windows\downloaded program files\dm.inf
c:\documents and settings\rodney\application data\skinux
C:\Program Files\Viewpoint
C:\_OTMoveIt\MovedFiles\07032008_190754\Program Files\Viewpoint\Viewpoint Toolbar\del3F7.tmp\del3F8.tmp
C:\327882R2FWJFW

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#6
rodfree

Hello,

I have had no problems so far. I will delete programs as suggested. Here is the post:

< hkey_local_machine\software\microsoft\windows\currentversion\uninstall\exactadvertisingfuncade >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\exactadvertisingfuncade\\ deleted successfully.
c:\documents and settings\rodney\start menu\programs\funcade moved successfully.
c:\program files\funcade moved successfully.
c:\windows\inf\dm.pnf moved successfully.
c:\windows\inf\dm.inf moved successfully.
c:\windows\downloaded program files\dm.inf moved successfully.
c:\documents and settings\rodney\application data\skinux moved successfully.
C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0 moved successfully.
C:\Program Files\Viewpoint\Viewpoint Toolbar moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\VMgr_Win moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\AxMetaStream_Win moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images moved successfully.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData moved successfully.
C:\Program Files\Viewpoint\Viewpoint Manager moved successfully.
C:\Program Files\Viewpoint\Common moved successfully.
C:\Program Files\Viewpoint moved successfully.
C:\_OTMoveIt\MovedFiles\07032008_190754\Program Files\Viewpoint\Viewpoint Toolbar\del3F7.tmp\del3F8.tmp moved successfully.
File/Folder C:\327882R2FWJFW not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08012008_222749

I will see if anything happens. Thank you for your advice.

#7
greyknight17

    Malware Expert

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.