
Trojans [RESOLVED]


  • This topic is locked

#1
nata1ie

    Member

  • 48 posts
A few weeks ago, I had gotten infected with the Antivirus XP 2008, which had a lot of trojans in it and viruses. Through this site, I was able to get it all off, I thought. There are 4 trojans that AVG has found on my computer. They are: Trojan Horse Pakes.ACJ (in 3 different places on computer) and Trojan Horse SHeur.BQII. Here's the HijackThis log:
Thanks!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:36 AM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19....ex/HMAtchmt.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - http://bulgier.net/p...nic/Stelvio.jpg

--
End of file - 7557 bytes

#2
nata1ie

    Member

  • Topic Starter
  • 48 posts
Here is my DSS log:

Deckard's System Scanner v20071014.68
Run by garvey on 2008-07-27 09:38:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as garvey.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:51 AM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\garvey\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\garvey.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19....ex/HMAtchmt.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - http://bulgier.net/p...nic/Stelvio.jpg

--
End of file - 7510 bytes

-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-17 18:57:33 0 d-------- C:\Program Files\Sun
2008-07-17 18:21:08 0 d-------- C:\Program Files\Common Files\Java
2008-07-13 19:07:56 0 d-------- C:\Documents and Settings\garvey\Application Data\Malwarebytes
2008-07-13 19:07:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 19:07:50 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-13 12:15:44 0 d--h----- C:\$AVG8.VAULT$
2008-07-13 12:14:10 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-13 12:13:52 0 d-------- C:\Program Files\AVG
2008-07-13 12:13:51 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-13 12:09:43 0 d-------- C:\Program Files\Trend Micro
2008-07-10 18:46:25 0 d-------- C:\Documents and Settings\garvey\Application Data\uTorrent
2008-07-10 18:46:08 0 d-------- C:\Program Files\uTorrent
2008-07-10 18:45:58 0 d-------- C:\8ce5b9ce831cdab36732bc8a37
2008-07-10 18:45:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-07-10 18:45:52 0 --a------ C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
2008-07-10 18:45:52 0 d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp


-- Find3M Report ---------------------------------------------------------------

2008-07-22 16:25:46 0 d-------- C:\Program Files\The Weather Channel FW
2008-07-17 18:57:21 0 d-------- C:\Program Files\Java
2008-07-17 18:21:08 0 d-a------ C:\Program Files\Common Files
2008-07-17 18:11:38 0 d-------- C:\Documents and Settings\garvey\Application Data\Lavasoft
2008-07-17 07:35:14 0 d-------- C:\Documents and Settings\garvey\Application Data\SUPERAntiSpyware.com
2008-07-17 07:35:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-10 18:46:17 0 d-------- C:\Documents and Settings\garvey\Application Data\Azureus
2008-06-26 18:02:47 0 d-------- C:\Documents and Settings\garvey\Application Data\ZoomBrowser EX
2008-05-27 21:25:03 0 d-------- C:\Program Files\WebLog Expert Lite
2008-05-27 21:24:52 0 d-------- C:\Program Files\Common Files\Software FX Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [06/30/2004 03:33 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 10:12 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 10:15 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 03:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 02:05 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [01/19/2006 11:06 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [08/23/2004 08:19 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/13/2008 12:13 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/11/2007 03:34 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" []

C:\Documents and Settings\garvey\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
DESKTOP.INI [8/10/2004 3:04:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-07-27 09:39:14 ------------

#3
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi there, can you post the log AVG produced, please, so I can see what it detected?

#4
nata1ie

    Member

  • Topic Starter
  • 48 posts
AVG log:

"Scan ""Scheduled scan"" was finished."
"Infections found:";"4"
"Infected objects removed or healed:";"0"
"Not removed or healed:";"4"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"93"
"Information count:";"0"
"Scan started:";"Saturday, July 26, 2008, 12:00:02 PM"
"Scan finished:";"Saturday, July 26, 2008, 1:53:21 PM (1 hour(s) 53 minute(s) 19 second(s))"
"Total object scanned:";"765959"
"User who launched the scan:";"SYSTEM"

"Infections"
"File";"Infection";"Result"
"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1126\A0153966.exe";"Trojan horse Pakes.ACJ";"Infected"
"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1126\A0153966.exe:\ADVANC~2.EXE";"Trojan horse Pakes.ACJ";"Infected"
"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1126\A0153966.exe:\ADVANC~2.EXE:\install.exe";"Trojan horse SHeur.BQII";"Infected"
"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1126\A0153966.exe:\ADVANC~2.EXE:\SERIAL~1.EXE";"Trojan horse Pakes.ACJ";"Infected"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\2o7.net.7a1e4db0";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\2o7.net.7dad70a9";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\2o7.net.fc3845a9";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\2o7.net.9973bb23";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\2o7.net.ca30b7c8";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\ad.yieldmanager.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\adopt.euroclick.com.17044b51";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\adopt.euroclick.com.6d7740f7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\adopt.euroclick.com.891542da";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\adrevolver.com.9b9d670a";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\adrevolver.com.f6cfcad4";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\adopt.euroclick.com.8b1bd7bc";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\adopt.euroclick.com.fb764ef7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\adopt.euroclick.com.ffe11db7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\atdmt.com.ce59db3e";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\burstnet.com.27341d57";"Found Tracking cookie.Burstnet";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\burstnet.com.a3218a37";"Found Tracking cookie.Burstnet";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\bluestreak.com.bf396750";"Found Tracking cookie.Bluestreak";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\burstnet.com.c4fe2ebb";"Found Tracking cookie.Burstnet";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\casalemedia.com.1d158016";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\casalemedia.com.3a28db8d";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\casalemedia.com.e1f88397";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\casalemedia.com.f31be13a";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\fastclick.net.8dd1284a";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\fastclick.net.9b41aa53";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\hitbox.com.2b95f8a3";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\media.adrevolver.com.5fed601d";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\hitbox.com.bbf2a6e8";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\casalemedia.com.6a12b080";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\revsci.net.6215368c";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\revsci.net.80477c7f";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\revsci.net.d7f89994";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\revsci.net.f5f26334";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\stat.dealtime.com.f58c396a";"Found Tracking cookie.Dealtime";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\tacoda.net.d323296e";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\tacoda.net.e9f57f8";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\statse.webtrendslive.com.58a4ef84";"Found Tracking cookie.Webtrendslive";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\zedo.com.14a38114";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\zedo.com.775ee79c";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\zedo.com.cef1c7af";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\zedo.com.dd15d628";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\zedo.com.f1d14556";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\zedo.com.f462b69f";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\garvey\Application Data\Mozilla\Firefox\Profiles\tc0ypq5y.default\cookies.txt:\zedo.com.ff8ec9c0";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#USBSTOR#Disk&Ven_MATSHITA&Prod_DMC-LC33&Rev_0100#6&30141cb2&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}";"Found Adware.RogueSuspect";"Potentially dangerous object"
  • 0

#5
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
The threats it found are already deleted.

But first please open up AVG again and do the following:
Then click on History at the top.
Then click on the last scan result (produced from the above scan)
Then click on Warnings then remove all unhealed infections.
======================
Then do the following:
Click on History at the top and then click the Virus Vault > Then choose Empty Vault.
=====================
Then please delete dss.exe from off of your desktop and then delete this folder > C:\Deckard then empty your recycle bin.
=======================================
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
========================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

#6
nata1ie

nata1ie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hello, I don't understand if it said I had 4 trojans when it scanned yesterday, how they are deleted if they showed up in the scan. Can you explain this? Thank you!

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
They are in the system restore points. They are not active in your computer, meaning they have already been dealt with but are just in the System Volume Information\_. Deleting then renewing the restore points will get rid of them.
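The distinction drawn in the reply above, between detections that sit only in System Restore storage and detections in live locations, can be checked mechanically on an exported scan result. The following Python sketch is an added example, not part of the thread or of any AVG tooling; the sample rows, paths and status strings are constructed, laid out in the quoted-field format of the scan log posted earlier.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows: "object";"finding";"status" (values are illustrative).
SAMPLE = r'''
"C:\System Volume Information\_restore{EXAMPLE}\RP1\A0000001.exe";"Trojan horse Pakes.ACJ";"Infected"
"C:\System Volume Information\_restore{EXAMPLE}\RP2\A0000002.dll";"Trojan horse SHeur.BQII";"Infected"
"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt:\example.net.0a1b2c3d";"Found Tracking cookie.Example";"Potentially dangerous object"
"C:\WINDOWS\system32\example.dll";"Trojan horse Pakes.ACJ";"Infected"
"HKLM\SOFTWARE\Example\Key";"Found Adware.Example";"Potentially dangerous object"
'''

REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\")


def classify(obj, finding):
    """Bucket one finding by where the flagged object lives."""
    if "tracking cookie" in finding.lower():
        return "tracking_cookie"      # privacy noise, not executable code
    if "\\system volume information\\" in obj.lower():
        return "restore_point"        # inactive copy kept by System Restore
    if obj.upper().startswith(REGISTRY_ROOTS):
        return "registry"
    return "live_file"                # file in a normal, reachable location


def triage(text):
    """Parse the semicolon-delimited export and group findings by bucket."""
    buckets = defaultdict(list)
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) < 2:              # skip blank or malformed lines
            continue
        obj, finding = row[0], row[1]
        buckets[classify(obj, finding)].append((obj, finding))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(f"{bucket}: {len(items)}")
        for obj, finding in items:
            print(f"  {finding} -> {obj}")
```

Anything left in the `live_file` bucket after cleanup is what still needs attention; `restore_point` entries disappear once System Restore is turned off and back on.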

#8
nata1ie

nata1ie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Ok, I created a new restore point. Do I need to delete any older ones? I don't know how to do that. Thanks!

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
In my previous post there are these directions:

Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

#10
nata1ie

nata1ie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I'm sorry, I don't understand. That link just shows how to turn them off and on. My restore points are already on. I went ahead and created a restore point from today, I don't know what else to do with that step. Am I missing something? Thanks for your patience.

#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
What you want to do is to turn them off.
This deletes all previous restore points including the one you just made.
Then when you turn it back on it starts all over and makes a new one from there.

#12
nata1ie

nata1ie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Thank you very much! It's done. Appreciate your help!

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.