
Computer Hijacked



#1 rickster


Posted 27 March 2007 - 10:04 AM

Hello, my PC was hacked into by someone yesterday. They were able to get into my e-mail account and set up a forwarding email (vegaboyster@gmail.com), and also got into my Paypal account and transacted some $$$. I have been noticing performance issues the last couple of months. The PC takes a long time to reboot and seems to wait the longest for the Zonelabs firewall to come up. Also, I constantly get the message that there are Microsoft security updates, but they don't seem to install (every time I reboot it repeats the message, with automatic updates turned on). I currently have the auto update turned off. I have completed the "Before posting a Hijack This log" self-help procedure. Below are the logs. Thanks in advance for any support. I used your site a couple of years ago, and up till recently the PC performed excellently. I will donate again for sure.

Rick

HijackThis log after AVG was run once in safe mode, then again in normal mode:


Logfile of HijackThis v1.99.1
Scan saved at 11:41:21 AM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)




AVG LOGS
Safe mode
--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:58:06 AM 3/27/2007





Normal Mode (after reboot to normal mode)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:29:46 AM 3/27/2007




#2 rickster


Posted 08 April 2007 - 07:56 PM

I have not gotten a reply yet. Can anyone help? Thanks.
