
Help with redirects 101links.com


13 replies to this topic

#1 shutyomouf
New Member, 7 posts

Posted 08 October 2007 - 04:22 PM

After clicking on a result from searching Google, I get redirected through 101links.com to another site. I have done the self help that is posted on this forum. Thanks for that! Now I have my report from Fixwareout and my HJthis log. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:57 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?5baef032889f47aaa856cce79729b2b1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?5baef032889f47aaa856cce79729b2b1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mandy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...8.37/ttinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FAH@C:+FAH502-Console.exe - Unknown owner - C:\FAH502-Console.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.nick.com/...es/clearpix.gif

--
End of file - 10289 bytes

Fixwareout report


Username "Owner" - 10/08/2007 17:56:26 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdbsw.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{32C46A2A-6467-40D1-AA30-B06FBE116C78}
"nameserver"="85.255.115.59,85.255.112.210" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9AEFC32A-25CC-4B21-935B-7EAAC625EDD8}
"nameserver"="85.255.115.59,85.255.112.210" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B279A5B8-CDAB-4A93-81AA-670D1E8F823C}
"nameserver"="85.255.115.59,85.255.112.210" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B2FCAB55-6E7B-48C6-9FFA-0A9E79C64732}
"nameserver"="85.255.115.59,85.255.112.210" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0E2C9CF6-A75A-4475-AFA1-FEB6F43AC0FA}
"DhcpNameServer"="85.255.115.59,85.255.112.210" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{32C46A2A-6467-40D1-AA30-B06FBE116C78}
"DhcpNameServer"="85.255.115.59,85.255.112.210" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{955BFF23-DCB0-49A8-8D84-4F570D95E42B}
"DhcpNameServer"="85.255.115.59,85.255.112.210" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9AEFC32A-25CC-4B21-935B-7EAAC625EDD8}
"DhcpNameServer"="85.255.115.59,85.255.112.210" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B2FCAB55-6E7B-48C6-9FFA-0A9E79C64732}
"DhcpNameServer"="85.255.115.59,85.255.112.210" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdbsw.ren 71203 06/13/2007


C:\Program Files\UltimateBet < Found
Additional tools are recommended.

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"DXDllRegExe"="dxdllreg.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Thanks for your help!
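The Fixwareout report above records two things worth recognising on sight: every network interface's "nameserver" / "DhcpNameServer" registry value had been pointed at 85.255.115.59 and 85.255.112.210, and the Winlogon "System" value was loading kdbsw.exe (normally that value is empty). As an added example that is not part of this thread and not Fixwareout's own code, the Python script below parses a Fixwareout-style report and raises an alert for any resolver outside an allow-list and for any non-empty Winlogon System value. Two assumptions are built in: the allow-list defaults to the RFC 1918 private ranges (a home PC that resolves through its own router), and the sample report embedded in the script is constructed from the lines quoted above plus one made-up interface GUID that points at a router, so the benign case is exercised too.

```python
import ipaddress
import re

# Constructed sample, modelled on the Fixwareout "Prerun check" / "Postrun check"
# output quoted in the post above. The first two interface GUIDs and the resolver
# addresses are copied from that report; the third interface GUID is made up and
# points at an ordinary home router so the audit has a benign case as well.
SAMPLE_REPORT = r"""
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdbsw.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{32C46A2A-6467-40D1-AA30-B06FBE116C78}
"nameserver"="85.255.115.59,85.255.112.210" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0E2C9CF6-A75A-4475-AFA1-FEB6F43AC0FA}
"DhcpNameServer"="85.255.115.59,85.255.112.210" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{11111111-2222-3333-4444-555555555555}
"DhcpNameServer"="192.168.1.1"

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
~~~~~ End report ~~~~~
"""

# Section headers look like "~~~~~ Prerun check" or "~~~~~ End report ~~~~~".
SECTION_RE = re.compile(r"^~{5}\s*(.*?)\s*~*$")
# A per-interface Tcpip\Parameters\Interfaces\{GUID} key on its own line.
INTERFACE_RE = re.compile(r"\\interfaces\\(\{[0-9A-Fa-f-]+\})$", re.IGNORECASE)
# The resolver value printed on the line after the interface key.
NAMESERVER_RE = re.compile(r'^"(NameServer|DhcpNameServer)"="([^"]*)"', re.IGNORECASE)
# The Winlogon "System" value; Fixwareout prints it with the key path shortened.
WINLOGON_RE = re.compile(r'Winlogon\\\s*"System"="([^"]*)"', re.IGNORECASE)

# Assumption: a home PC should only resolve through its own router, so anything
# outside the RFC 1918 ranges is treated as suspicious. Adjust for a real network.
PRIVATE_RESOLVERS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def parse_fixwareout(text):
    """Return (section, kind, subject, value) tuples for the registry values a
    Fixwareout report prints: per-interface resolvers and the Winlogon System value."""
    findings = []
    section, interface = None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, interface = m.group(1), None
            continue
        m = INTERFACE_RE.search(line)
        if m:
            interface = m.group(1)
            continue
        m = NAMESERVER_RE.match(line)
        if m and interface:
            findings.append((section, m.group(1).lower(), interface, m.group(2)))
            continue
        m = WINLOGON_RE.search(line)
        if m:
            findings.append((section, "winlogon_system", "Winlogon\\System", m.group(1)))
    return findings


def audit_findings(findings, allowed=PRIVATE_RESOLVERS):
    """Flag resolvers outside the allowed networks and any non-empty Winlogon
    System value. Returns one human-readable alert string per problem."""
    alerts = []
    for section, kind, subject, value in findings:
        if kind == "winlogon_system":
            if value:
                alerts.append(f"[{section}] {subject} is {value!r}; expected an empty value")
            continue
        for addr in filter(None, re.split(r"[,\s]+", value)):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                alerts.append(f"[{section}] {subject} {kind}={addr!r} is not an IP address")
                continue
            if not any(ip in net for net in allowed):
                alerts.append(f"[{section}] {subject} {kind}={addr} is outside the allowed resolver ranges")
    return alerts


def audit_report(text, allowed=PRIVATE_RESOLVERS):
    """Parse and audit a report in one step."""
    return audit_findings(parse_fixwareout(text), allowed)


if __name__ == "__main__":
    for alert in audit_report(SAMPLE_REPORT):
        print(alert)
```

Run against the sample, the script reports five problems, all from the Prerun section: the kdbsw.exe Winlogon entry and the two rogue resolvers on each of the two real interfaces; the constructed router interface and the cleared Postrun value produce nothing. The same audit can be pointed at any saved Fixwareout report, and the allow-list is the one thing to tune per network (an office PC will legitimately use its domain controllers, which may not be in private space).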



#2 little eagle
spyware hawk, Visiting Fellow, 8,968 posts, Interests: spyware

Posted 15 October 2007 - 10:30 AM

Download and install AVG Anti-Spyware (ewido). Then scan and post the report here.
Instructions and download link can be found here.

#3 shutyomouf
New Member, 7 posts

Posted 17 October 2007 - 04:41 AM

Thanks! Here's the report.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 6:37:01 AM 10/17/2007

 + Scan result:

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{88D758A3-D33B-45FD-91E3-67749B4057FA} -> Adware.Generic : No action taken.
HKU\S-1-5-21-783346484-1452661547-4161351115-1007\Software\intexp -> Adware.IEPlugin : No action taken.
HKU\S-1-5-21-783346484-1452661547-4161351115-1007\Software\intexp\Config -> Adware.IEPlugin : No action taken.
HKU\S-1-5-21-783346484-1452661547-4161351115-1007\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : No action taken.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\16823061-54b6b83d/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\52\7aba374-4d3acc8a/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\57\5889f2f9-50a4af16 -> Not-A-Virus.Exploit.Java.Gimsh.a : No action taken.
:mozilla.297:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.298:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.215:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.218:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.219:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.336:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.333:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.334:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.335:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.301:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.302:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.303:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.257:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Information : No action taken.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Information : No action taken.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Information : No action taken.
:mozilla.587:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Intelli-direct : No action taken.
:mozilla.504:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.505:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.506:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.231:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.232:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.547:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Netflame : No action taken.
:mozilla.614:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
:mozilla.532:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.533:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.488:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.358:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.361:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.362:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.363:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.365:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.366:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.267:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.268:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.272:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.273:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Tracking101 : No action taken.
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Tracking101 : No action taken.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Vortexmediagroup : No action taken.
:mozilla.407:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.323:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.325:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.326:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.327:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1021\A0178896.exe -> Trojan.DNSChanger.og : No action taken.
C:\Program Files\A8GSdsApp\msvb.dll -> Trojan.Hooker.j : No action taken.

::Report end

#4 little eagle
spyware hawk, Visiting Fellow, 8,968 posts, Interests: spyware

Posted 17 October 2007 - 06:25 AM

I hope you delete what was found.

Please go HERE to run Panda's ActiveScan

* You need to use IE to run this scan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

#5 shutyomouf
New Member, 7 posts

Posted 17 October 2007 - 07:39 PM

Finished the scan and here is the report.

Incident Status Location
Adware:adware/transponder Not disinfected Windows Registry
Adware:adware/ieplugin Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.zedo.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.com.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.overture.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[ads.pointroll.com/PRServe/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[statse.webtrendslive.com/S005-01-8-9-269184-95692]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.adserver.easyad.info/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[server.iad.liveperson.net/hc/LPcort]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mandy\Application Data\Mozilla\Firefox\Profiles\kg20cs23.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mandy\Cookies\mandy@atdmt[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mandy\Cookies\mandy@bluestreak[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mandy\Cookies\mandy@doubleclick[1].txt
Virus:Trj/Agent.FAY Not disinfected C:\Documents and Settings\Mandy\Desktop\SetupImvu_full(2).exe[CallStack_release.dll]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.zedo.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.go.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ypwt5b5.default\cookies.txt[.xiti.com/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\21\4deef595-3f1d8795[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\21\4deef595-3f1d8795[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\21\4deef595-3f1d8795[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\21\4deef595-3f1d8795[Beyond.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\5c7873e6-73317a3b[BaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\5c7873e6-73317a3b[VaaaaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\5c7873e6-73317a3b[Dvnny.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\5c7873e6-73317a3b[Baaaaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\5c7873e6-73317a3b[Dex.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\5c7873e6-73317a3b[Dix.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\5c7873e6-73317a3b[Dux.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\39\3a99d727-74ad6a9c[javainstaller/InstallerApplet.class]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[2].txt
Virus:Trj/Pswmon.B Disinfected C:\Documents and Settings\Owner\My Documents\TurboTax\torrent\Golden Eye 4.50\gesetup.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe
Virus:Generic Malware Disinfected C:\Program Files\A8GSdsApp\AGSeiApp.exe
Virus:Generic Malware Not disinfected C:\Program Files\ek_setup.exe[²íÇ]
Virus:Generic Malware Not disinfected C:\Program Files\ek_setup.exe[²óÇ]
Virus:Generic Malware Not disinfected C:\Program Files\ek_setup.exe[²ÇÇ]
Virus:Generic Malware Not disinfected C:\Program Files\ek_setup.exe[²ÇÇ]
Virus:Generic Malware Not disinfected C:\Program Files\ek_setup.exe[²ÇÇ]
Virus:Trj/Agent.FAY Disinfected C:\Program Files\IMVU\CallStack_release.dll
Adware:Adware/XXXPlugin Not disinfected C:\Program Files\Plugin\Uninstall.exe
Virus:Trj/Agent.FAY Not disinfected C:\RECYCLER\S-1-5-21-783346484-1452661547-4161351115-1007\Dc16.exe[CallStack_release.dll]
Virus:Generic Malware Disinfected C:\WINDOWS\system32\drivers\cdfsnt.sys
Virus:Generic Malware Disinfected C:\WINDOWS\system32\drivers\i8042pex.sys
Virus:Generic Malware Disinfected C:\WINDOWS\system32\drivers\sym2k.sys
Virus:Generic Malware Disinfected C:\WINDOWS\system32\imesha32.dll
Virus:Generic Malware Disinfected C:\WINDOWS\system32\osunisvr.exe

#6 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 17 October 2007 - 10:18 PM

Looks like some remain. Let's run combofix.exe.
Download it from one of the links below:
Note:
It is important that it is saved directly to your desktop

http://download.blee...Bs/combofix.exe
http://www.techsuppo...ls/combofix.exe

Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window while it's running. That may cause it to stall.


#7 shutyomouf

shutyomouf

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 20 October 2007 - 08:26 AM

I downloaded combofix in firefox and the links wouldn't work. I tried it in IE and it worked the first time. I have a report now. Thanks again!

ComboFix 07-10-17.8@ - Owner 2007-10-20 9:57:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.507 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\combofix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\bobsaver.exe
C:\WINDOWS\bobsaver.scr

.
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.

2007-10-20 09:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 20:49 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2007-10-17 20:49 403 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-10-17 19:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-17 19:20 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-16 20:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-10-16 20:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-10-16 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-16 20:29 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-07 17:29 20,548,585 --a------ C:\Program Files\ultimatestunts-windata-0721.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 00:36 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-18 00:35 --------- d-----w C:\Program Files\Vodei
2007-10-18 00:32 --------- d-----w C:\Program Files\QuickTime
2007-10-18 00:29 --------- d-----w C:\Program Files\MSN Messenger
2007-10-18 00:26 --------- d-----w C:\Program Files\MagicISO
2007-10-18 00:23 --------- d-----w C:\Program Files\IMVU
2007-10-18 00:21 --------- d-----w C:\Program Files\Digital Media Reader
2007-10-18 00:21 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-10-18 00:12 --------- d-----w C:\Program Files\A8GSdsApp
2007-10-16 10:40 --------- d-----w C:\Program Files\Full Tilt Poker
2007-10-15 00:28 --------- d-----w C:\Program Files\Absolute Poker
2007-10-13 04:04 --------- d-----w C:\Program Files\PokerStars
2007-10-10 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-08 22:13 10,291 ----a-w C:\Program Files\hijackthis.log
2007-10-08 21:33 16,027 ----a-w C:\Program Files\redir-0.1.xpi
2007-09-25 01:07 --------- d-----w C:\Program Files\UltimateBet
2007-09-23 04:07 907,595 ----a-w C:\Program Files\Rasterbator_Standalone_1.21.zip
2007-09-20 18:18 --------- d-----w C:\Program Files\Master Of Defense
2007-09-18 12:43 --------- d-----w C:\Program Files\VideotoDVDBurner
2007-09-18 12:42 --------- d-----w C:\Program Files\Wondershare
2007-09-16 21:36 --------- d-----w C:\Program Files\Symantec
2007-09-16 21:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-16 20:38 --------- d-----w C:\Program Files\backups
2007-09-16 20:37 --------- d-----w C:\Program Files\Norton AntiVirus
2007-09-16 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-16 20:26 401,720 ----a-w C:\Program Files\HiJackThis.exe
2007-09-16 20:23 50,688 ----a-w C:\Program Files\ATF-Cleaner.exe
2007-09-15 14:00 16,187,399 ----a-w C:\Program Files\Master-of-Defense.zip
2007-09-13 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-12 22:30 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2007-09-05 03:31 208,750 ----a-w C:\Program Files\zero-codec1110.exe
2007-09-05 03:31 --------- d-----w C:\Program Files\Plugin
2007-09-02 23:31 --------- d-----w C:\Program Files\Poker Tracker V2
2007-09-02 22:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-24 22:46 5,240,347 ----a-w C:\Program Files\PAHud-Install-v1.18.exe
2007-08-24 11:42 830 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-08-24 11:42 830 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-19 03:42 67,629,592 ----a-w C:\Program Files\FastlanePinball.zip
2007-08-10 21:26 5,197,508 ----a-w C:\Program Files\wpex_setup.exe
2007-08-05 02:07 3,950,586 ----a-w C:\Program Files\PnC_demo.exe
2007-08-04 22:06 4,670,124 ----a-w C:\Program Files\PAHud-Install-v1.16.exe
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-22 05:34 10,468,630 ----a-w C:\Program Files\FullTiltSetup.exe
2007-07-20 10:33 5,829,695 ----a-w C:\Program Files\ZonerGIFAnimator5.zip
2007-07-19 22:57 780,898 ----a-w C:\Program Files\PokerStoveSetup121.exe
2007-07-07 14:40 3,710,431 ----a-w C:\Program Files\patch21603d.exe
2007-06-28 23:32 5,567,768 ----a-w C:\Program Files\PokerStarsInstall.exe
2007-05-28 03:06 4,265,973 ----a-w C:\Program Files\SitNGoWizardSetup_1_0_1_37.exe
2007-05-26 00:41 812,478 ----a-w C:\Program Files\pkrinstall.exe
2007-05-18 00:34 18,895,728 ----a-w C:\Program Files\Install_Messenger.exe
2007-05-13 01:30 80,034 ----a-w C:\Program Files\TheAbsoluteSolutionv.642.ahk
2007-05-13 00:57 1,994,427 ----a-w C:\Program Files\AutoHotkey104615_Install.exe
2007-05-02 00:04 25,755,448 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2007-04-28 13:18 1,269,677 ----a-w C:\Program Files\setup_magicdisc74.exe
2007-03-24 04:51 3,655,821 ----a-w C:\Program Files\patch21602b.exe
2007-03-08 23:43 7,807,139 ----a-w C:\Program Files\Setup6.exe
2007-03-08 00:10 3,632,887 ----a-w C:\Program Files\patch21601h.exe
2007-03-03 22:30 17 ----a-w C:\Program Files\stng260.opt
2007-03-03 21:26 1,144,839 ----a-w C:\Program Files\stng260.exe
2006-12-30 03:32 3,525,117 ----a-w C:\Program Files\ek_setup.exe
2006-12-20 03:10 1,251,109 ----a-w C:\Program Files\rmtomp3_tom.exe
2006-12-05 00:09 14,214 ----a-w C:\Program Files\welcometoraketherake.zip
2006-12-04 17:00 36,331,255 ----a-w C:\Program Files\708.rar
2006-12-03 05:58 6,188,760 ----a-w C:\Program Files\AbsolutePoker6_8_15.exe
2006-12-01 22:10 3,492,916 ----a-w C:\Program Files\patch21500g.exe
2006-11-29 07:48 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-17 04:31 47,520,391 ----a-w C:\Program Files\CLFA.rar
2006-11-14 19:31 90,112 ----a-w C:\Program Files\winpct.exe
2006-11-14 19:27 5,319,512 ----a-w C:\Program Files\msjavwu.exe
2006-11-14 17:46 3,490,822 ----a-w C:\Program Files\patch21500d.exe
2006-11-13 16:35 2,369,287 ----a-w C:\Program Files\VeohSetup-2.3.0.1018.exe
2006-11-09 19:00 791,917 ----a-w C:\Program Files\rummy.zip
2006-11-08 13:12 8,282,187 ----a-w C:\Program Files\vlc-0.8.5-win32.exe
2006-10-21 14:06 4,221,306 ----a-w C:\Program Files\LimeWire_Pro_4.12.6.rar
2006-10-08 19:29 3,430,261 ----a-w C:\Program Files\patch21400g.exe
2006-09-29 02:48 36,656,704 ----a-w C:\Program Files\iTunesSetup.exe
2006-09-10 18:50 4,194,334 ----a-w C:\Program Files\PAHud-Install-v1.15d.exe
2006-08-18 21:43 4,279,120 ----a-w C:\Program Files\LimeWire_Pro_4.12.6.exe
2006-08-18 21:37 1,495,392 ----a-w C:\Program Files\VodeiFree.exe
2006-08-14 00:38 10,431,819 ----a-w C:\Program Files\pt2help.exe
2006-08-09 00:15 3,352,866 ----a-w C:\Program Files\patch21301a.exe
2006-08-06 02:46 4,195,546 ----a-w C:\Program Files\PAHud-Install-v1.14.exe
2006-07-24 23:52 1,105,167 ----a-w C:\Program Files\TourneyManager.zip
2006-07-24 23:41 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
2006-07-05 22:19 2,080,036 ----a-w C:\Program Files\SuperMegaSpoof.exe
2006-07-04 19:08 225 ----a-w C:\Program Files\downloaded_from_limewirepro.at.tt.url
2006-07-02 03:16 3,774,356 ----a-w C:\Program Files\PAHud-Install-v1.13j.exe
2006-06-23 01:09 7,168 ----a-w C:\Documents and Settings\Owner\queue.dat
2006-06-23 01:09 1,683,456 ----a-w C:\Documents and Settings\Owner\FahCore_82.exe
2006-05-21 16:32 573,376 ----a-w C:\Program Files\PokerStoveSetup120.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 01:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-08-24 21:14 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-08-24 21:01 C:\WINDOWS\ALCWZRD.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26]
"DXDllRegExe"="dxdllreg.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-24 19:26]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-12 01:18]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 05:42]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 13:32]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 14:12]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 14:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 22:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)


R2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\"
S2 FAH@C:+FAH502-Console.exe;FAH@C:+FAH502-Console.exe;C:\FAH502-Console.exe -svcstart
S3 netrcacm;RCA USB based Digital Cable Modem Win2000 Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-20 13:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-10-20 14:00:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 10:02:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\winnt256.bmp
C:\WINDOWS\wmprfnor.prx
C:\WINDOWS\_default.pif
C:\WINDOWS\winamp.ini
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\winnt.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log
C:\WINDOWS\wmp11.log
C:\WINDOWS\WMPrfAra.prx
C:\WINDOWS\WMPrfCHS.prx
C:\WINDOWS\WMPrfCHT.prx
C:\WINDOWS\wmprfcsy.prx
C:\WINDOWS\wmprfdan.prx
C:\WINDOWS\WMPrfDeu.prx
C:\WINDOWS\wmprfell.prx
C:\WINDOWS\wmprfesp.prx
C:\WINDOWS\wmprffin.prx
C:\WINDOWS\wmprffra.prx
C:\WINDOWS\wmprfheb.prx
C:\WINDOWS\wmprfhun.prx
C:\WINDOWS\wmprfita.prx
C:\WINDOWS\WMPrfJpn.prx
C:\WINDOWS\WMPrfKor.prx
C:\WINDOWS\wmprfnld.prx
C:\WINDOWS\wmprfplk.prx
C:\WINDOWS\wmprfptb.prx
C:\WINDOWS\wmprfptg.prx
C:\WINDOWS\wmprfrus.prx
C:\WINDOWS\wmprfsky.prx
C:\WINDOWS\wmprfslv.prx
C:\WINDOWS\wmprfsve.prx
C:\WINDOWS\wmprftrk.prx
C:\WINDOWS\wmsetup.log
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\WORDPAD.INI
C:\WINDOWS\Wudf01000Inst.log
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\¶Œ
C:\WINDOWS\ÀŒ
C:\WINDOWS\áŒ
C:\WINDOWS\âŒ
C:\WINDOWS\äŒ
C:\WINDOWS\åŒ
C:\WINDOWS\æŒ
C:\WINDOWS\nj
C:\WINDOWS\Ȍ
C:\WINDOWS\íŒ
C:\WINDOWS\ïŒ
C:\WINDOWS\Ќ
C:\WINDOWS\ь
C:\WINDOWS\òŒ
C:\WINDOWS\ӌ
C:\WINDOWS\ôŒ
C:\WINDOWS\Ռ
C:\WINDOWS\öŒ
C:\WINDOWS\،
C:\WINDOWS\úŒ
C:\WINDOWS\ûŒ
C:\WINDOWS\݌
C:\WINDOWS\þŒ
C:\WINDOWS\ߌ
C:\WINDOWS\÷Œ
C:\WINDOWS\€Œ
C:\WINDOWS\system32\LFTcache.DLL
C:\WINDOWS\system32\imesha32.dll
C:\WINDOWS\system32\osunisvr.exe
C:\WINDOWS\system32\drivers\cdfsnt.sys
C:\WINDOWS\system32\drivers\i8042pex.sys
C:\WINDOWS\system32\drivers\sym2k.sys

scan completed successfully
hidden files: 74

**************************************************************************
"ServiceDll"="C:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@C:+FAH502-Console.exe]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfsnt]
"ImagePath"="system32\drivers\cdfsnt.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042pex]
"ImagePath"="system32\drivers\i8042pex.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sym2k]
"ImagePath"="system32\drivers\sym2k.sys"
.
Completion time: 2007-10-20 10:02:37
.
--- E O F ---

#8 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 20 October 2007 - 11:53 AM

Let's run an F-Secure online scan. This is a slightly different scan than Panda; this one will check for rootkits.
  • Click HERE
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Note: This scan will only work with Internet Explorer.
You must be logged on with administrator rights to run this scan.
The scan may take a few hours.

#9 shutyomouf

shutyomouf

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 20 October 2007 - 07:06 PM

Scanning Report
Saturday, October 20, 2007 19:33:31 - 20:51:17
Computer name: YOUR-99B2A1C14F
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 5 malware found

Java/OpenConnection.AA (virus)
 * C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\6.0\21\4DEEF595-3F1D8795
Tracking Cookie (spyware)
 * System (Disinfected)
W32/Delf.AILU (virus)
 * C:\PROGRAM FILES\EMPIREPOKERSETUP.EXE (Submitted)
 * C:\PROGRAM FILES\PARTYPOKERSETUP.EXE (Submitted)
W32/Downloader.FZC.dropper (virus)
 * C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\~UPG0\WEATHERAPP\THEWEATHERCHANNEL_STUBREAL.EXE (Submitted)

Statistics
Scanned:
 * Files: 49596
 * System: 8171
 * Not scanned: 5
Actions:
 * Disinfected: 1
 * Renamed: 0
 * Deleted: 0
 * None: 4
 * Submitted: 3
Files not scanned:
 * C:\HIBERFIL.SYS
 * C:\PAGEFILE.SYS
 * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
 * C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{9C362201-9CEA-48A5-B0A8-FF52094A97F9}.BIN
 * C:\RECYCLER\S-1-5-21-783346484-1452661547-4161351115-1007\DC18.DOC

Options
Scanning engines:
 * F-Secure AVP: 7.0.171, 2007-10-19
 * F-Secure Blacklight: 1.0.64
 * F-Secure Draco: 1.0.35, 0598-150-72
 * F-Secure Libra: 2.4.2, 2007-10-19
 * F-Secure Orion: 1.2.37, 2007-10-19
 * F-Secure Pegasus: 1.19.0, 2007-09-18
Scanning options:
 * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
 * Use Advanced heuristics

#10 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 20 October 2007 - 07:19 PM

Reboot and rescan with HiJackThis and post a new log here. Also please describe how your computer behaves at the moment.

#11 shutyomouf

shutyomouf

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 20 October 2007 - 07:50 PM

It seems to be fine, i have not been redirected at all!!! Thanks! :thumbup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:50 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-21-783346484-1452661547-4161351115-1007\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" (User 'Mandy')
O4 - HKUS\S-1-5-21-783346484-1452661547-4161351115-1007\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Mandy')
O4 - HKUS\S-1-5-21-783346484-1452661547-4161351115-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mandy')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?5baef032889f47aaa856cce79729b2b1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?5baef032889f47aaa856cce79729b2b1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mandy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...8.37/ttinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FAH@C:+FAH502-Console.exe - Unknown owner - C:\FAH502-Console.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.nick.com/...es/clearpix.gif

--
End of file - 11347 bytes

#12 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 20 October 2007 - 09:08 PM

Close all programs, leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


Click on Fix Checked when finished and exit HijackThis.

-----------------------------------------

I would not want this on my PC, but that is your call: C:\Program Files\Viewpoint
If you have no need for it, it can be removed in Add and Remove Programs.
Same for the poker games ;)

Post a new log when done.

Edited by little eagle, 20 October 2007 - 09:09 PM.
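
An added example, not from the thread or from HijackThis itself: a small parser for log lines in the HijackThis format that flags the entries a helper looks at first, registrations whose target is `(no file)` (like the two O2 BHOs ticked above) and entries marked `(file missing)`. The sample lines are constructed in the thread's log format; the CLSIDs and paths are copied from the log posted here.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines in the format HijackThis prints, modelled on the
# log posted in this thread (CLSIDs and paths copied from it).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mandy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: FAH@C:+FAH502-Console.exe - Unknown owner - C:\FAH502-Console.exe (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
"""

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# "<kind>: <name> - {CLSID} - <target>" as used by O2, O3, O9, O16 and O18 entries.
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$")
# "Service: <name> - <owner> - <target>" as used by O23 entries.
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")


@dataclass
class Finding:
    section: str
    name: str
    target: str
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would look at first, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        entry = CLSID_RE.match(body) or SERVICE_RE.match(body)
        if entry is None:
            continue  # R0/R1/O4/O8 lines and anything else not classified here
        name, target = entry.group("name"), entry.group("target")
        if target == "(no file)":
            reason = "orphaned registration: CLSID points at no file, safe to fix-check"
        elif target.endswith("(file missing)"):
            reason = "stale pointer: registered target no longer on disk"
        elif section == "O2" and name == "(no name)":
            reason = "unnamed BHO backed by a real DLL: identify the file before fixing"
        else:
            continue
        findings.append(Finding(section, name, target, reason, line))
    return findings


def fix_list(findings: List[Finding]) -> List[str]:
    """The exact lines to tick in HijackThis: only orphaned '(no file)' entries."""
    return [f.line for f in findings if f.target == "(no file)"]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:<4} {f.name:<30} {f.reason}")
    print("\nFix checked:")
    for line in fix_list(found):
        print(" ", line)
```

The unnamed Spybot BHO is reported for a look but deliberately kept out of the fix list: an empty name alone is not evidence, and the helper above only ticked the two entries with no file behind them.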


#13 shutyomouf

shutyomouf

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 24 October 2007 - 04:06 PM

Here is the new report. I took off Viewpoint, but I think I will leave the poker games; a 15.46% ROI is too good to remove. :thumbup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:25 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?5baef032889f47aaa856cce79729b2b1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?5baef032889f47aaa856cce79729b2b1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mandy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...8.37/ttinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FAH@C:+FAH502-Console.exe - Unknown owner - C:\FAH502-Console.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://www.nick.com/...es/clearpix.gif

--
End of file - 10454 bytes

#14 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 24 October 2007 - 10:14 PM

Sounds like a good reason to keep it :thumbup:

One of the best features of Windows XP is the System Restore option; however, if there is a virus or spyware infection, there can be backups made in the System Restore folder.
Therefore, clearing the restore points is necessary after a virus or spyware removal.

To reset your restore points, please note that you will need to log into your computer with an account
which has full administrator access. You will know if the account has administrator access because
you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

----------------------------------------------------

Be sure to keep Sun Java updated; I think they are at 1.6.0_03.
In Add/Remove programs click on these and press *remove* if listed:
J2SE Runtime Environment 5.0 - 97.99Mb
J2SE Runtime Environment 5.0 Update 2 - 143.00Mb
J2SE Runtime Environment 5.0 Update 4 - 144.00Mb
J2SE Runtime Environment 5.0 Update 5- 151.00Mb
Java 2 Runtime Environment, SE v1.4.2_04 - 130.00Mb
Or any other outdated J2SE
It is important to remove older versions as these are the ones with the holes in them.
You will be surprised when you go to add/remove to see all of the versions sitting there.
Download Newest >>>> http://www.java.com/...nload/index.jsp
Once installed you can test to see that it is in fact installed >>>>
Sun Java Test

To help keep your PC clean follow the recommendations in Tony Klein's article
So how did I get infected in the first place?
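
An added example, not from the post: the Add/Remove Programs display names Sun used for the JRE changed between releases ("J2SE Runtime Environment 5.0 Update 4" is 1.5.0_04 in dotted form), so the helper below normalises them to one version tuple and lists every install older than the current release. The display strings are constructed from the list above; the one assumed for 6 Update 2 (the jre1.6.0_02 in the log) and the Adobe decoy entry are not from the page.

```python
import re
from typing import List, Optional, Tuple

# (major, minor, micro, update): 1.6.0_03 -> (1, 6, 0, 3); "5.0 Update 4" -> (1, 5, 0, 4)
Version = Tuple[int, int, int, int]

# Constructed sample of Add/Remove Programs display names, modelled on the list
# in the post plus the jre1.6.0_02 visible in the HijackThis log. The exact
# display string for 6 Update 2 is an assumption; the Adobe entry is a decoy.
INSTALLED = [
    "J2SE Runtime Environment 5.0",
    "J2SE Runtime Environment 5.0 Update 2",
    "J2SE Runtime Environment 5.0 Update 4",
    "J2SE Runtime Environment 5.0 Update 5",
    "Java 2 Runtime Environment, SE v1.4.2_04",
    "Java(TM) SE Runtime Environment 6 Update 2",
    "Adobe Reader 7.0",
]
NEWEST = "1.6.0_03"  # the release the post names as current

# Engineering form: 1.4.2_04, v1.6.0_03, jre1.6.0_02
DOTTED_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\b")
# Marketing form: "J2SE ... 5.0 Update 4", "Java(TM) SE Runtime Environment 6 Update 2",
# "Java(TM) 6 Update 3"
MARKETING_RE = re.compile(
    r"(?:J2SE|Java(?:\(TM\))?(?: SE)?)(?: Runtime Environment)? (\d+)(?:\.0)?(?: Update (\d+))?\b")


def parse_dotted(text: str) -> Optional[Version]:
    m = DOTTED_RE.search(text)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def parse_java_display_name(name: str) -> Optional[Version]:
    """Version of a JRE Add/Remove entry, or None if the entry is not a JRE."""
    if not re.search(r"\bJ2SE\b|\bJava\b", name):
        return None
    version = parse_dotted(name)          # "SE v1.4.2_04" style wins when present
    if version is not None:
        return version
    m = MARKETING_RE.search(name)
    if not m:
        return None
    major, update = m.groups()            # "5.0 Update 4" is 1.5.0_04 in dotted form
    return (1, int(major), 0, int(update or 0))


def outdated_java(installed: List[str], newest: str) -> List[Tuple[str, Version]]:
    """Entries older than `newest`; each of these is a leftover to uninstall."""
    target = parse_dotted(newest)
    if target is None:
        raise ValueError(f"cannot parse version {newest!r}")
    stale = []
    for name in installed:
        version = parse_java_display_name(name)
        if version is not None and version < target:
            stale.append((name, version))
    return stale


if __name__ == "__main__":
    for name, version in outdated_java(INSTALLED, NEWEST):
        print(f"remove: {name!r} -> {version}")
```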
