Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91819 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

UIPopupHidden...


  • Please log in to reply
30 replies to this topic

#1 Snow

Snow

    Authentic Member

  • Authentic Member
  • PipPip
  • 98 posts

Posted 06 May 2008 - 10:52 AM

Hello...could someone check my HJT log please? i think im infected with something, everytime i put in a url..it takes forever, the machine acts like its hung it takes forever to load anything and when i reboot i keep getting this End Now on a program i dont know of its called UIPOPUPHIDDEN..what is this?

here is a fresh log...please help!! thank you

Snow :)



Logfile of HijackThis v1.99.1
Scan saved at 12:47, on 08-05-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Documents and Settings\MOM\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Bell\Security Manager\PrtlAgt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\sUBs\TSF\catchme.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.co...i-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0009.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://bonfire.pure...m/en/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://activation.s...nadaActiveX.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F04FE050-90DE-4EDD-A719-7CF3EBA4175E} (DetectCtl Class) - http://transition.sy...ystemdetect.cab
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - https://signup.msn.c...ages/msxml3.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\MOM\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe

    Advertisements

Register to Remove


#2 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 11 May 2008 - 01:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

Sorry about the delay in responding :( The forums have been very busy

If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.

Also please make an uninstall list and post that as well

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.


Gringo


#3 Snow

Snow

    Authentic Member

  • Authentic Member
  • PipPip
  • 98 posts

Posted 11 May 2008 - 06:49 AM

Hi Gringo, thank you for replying...i know you guys are very busy its much appreciated :)

i still have an annoyance which i cant seem to get rid of...the Combofix Icon on my desktop, i cant find the program on here, when i did try to download it all i got was the icon and when you click on it it says its being used by another person, now it wont let me delete the icon...i suspect that might be the cause of my machine loading mainpage very slow a google just spins for the longest time.

here is the uninstall list

Acoustica Effects Pack
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Authentium AntiVirus SDK - 2
AVG Anti-Spyware 7.5
Camera Driver
CCScore
Compatibility Pack for the 2007 Office system
Corel WordPerfect Suite 8
Daycare Information System Plus
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
ewido anti-malware
fflink
FL Studio 6
Frets On Fire
Future Photo Print Wizard (Standalone)
GdiplusUpgrade
Guitar Pro 4 Demo
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Extended Capabilities 5.3
HP Imaging Device Functions 6.0
HP Photosmart Cameras 6.0
HP Photosmart Essential
HP PSC & OfficeJet 5.3.B
HP Solution Center and Imaging Support Tools 6.0
HP Update
HydraVision
Image Transfer
ImageMixer for Sony
Impulse 1.0
Indeo® Software
Intel® PRO Network Adapters and Drivers
Internet Check-Up
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
K-Lite Codec Pack
Kodak EasyShare software
Logitech ImageStudio
Logitech Print Service
Macromedia Flash Player 8
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MicroStaff WINASPI
Mozilla Firefox (2.0.0.14)
MPIO Software Installation
MSN
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MySpaceIM
netbrdg
Netscape Browser (remove only)
NTI CD & DVD-Maker 6 Gold
OfotoXMI
overland
PerfectDisk
PMP Transcoder
Power Tab Editor 1.7
Power Tab Editor 1.7
PowerDVD
PPSDKRedistributables
QuickTax 2004
QuickTax 2005
QuickTax 2006
QuickTax 2007
QuickTime
Radialpoint Security Services
RealArcade
RealPlayer
Rhapsody Player Engine
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
Samsung YP-55
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
SFR
SHASTA
skin0001
SKINXSDK
Solitaire 25
Sony USB Driver
Spybot - Search & Destroy 1.4
staticcr
Sympatico Security Advisor 1.5.11
Sympatico Security Manager
TabTrax Demo 1.9
tooltips
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
Yahoo! Browser Services
Yahoo! Messenger
yepp studio

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:50 AM, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Bell\Security Manager\PrtlAgt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.co...i-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://activation.s...nadaActiveX.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F04FE050-90DE-4EDD-A719-7CF3EBA4175E} (DetectCtl Class) - http://transition.sy...ystemdetect.cab
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - https://signup.msn.c...ages/msxml3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C190CDEB-675B-448D-BFCD-6C45E54F9C7F}: NameServer = 207.164.234.129 207.164.234.193
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe

--
End of file - 14405 bytes

thank you

Edited by Snow, 11 May 2008 - 06:54 AM.


#4 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 11 May 2008 - 09:53 PM

Hello Snow

Hello...could someone check my HJT log please? i think im infected with something, everytime i put in a url..it takes forever, the machine acts like its hung it takes forever to load anything and when i reboot i keep getting this End Now on a program i dont know of its called UIPOPUPHIDDEN..what is this?



Have been doing alot of research on this and have come up with a few things

1. this is caused by the antivirus and security programs that was installed by your ISP
2. the antivirus you have is not very well liked around
3. we can do this two ways if you want to keep the programs that you have now I will give you the information that i have found or if you want we can uninstall what you have and I can offer you some good free alternatives


i still have an annoyance which i cant seem to get rid of...the Combofix Icon on my desktop, i cant find the program on here, when i did try to download it all i got was the icon and when you click on it it says its being used by another person, now it wont let me delete the icon...i suspect that might be the cause of my machine loading mainpage very slow a google just spins for the longest time.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Posted Image

If you don't play all these games you can rerun hijackthis and put a checkmark next to all of these

O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...a-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...n-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.co...k-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Checkers by pogo - http://game1.pogo.co...s-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...e-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...o-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...e-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...2-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...o-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...k-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Jungle Gin by pogo - <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...w-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...s-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...e-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...u-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...a-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...k-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...s-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.co...e-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.co...i-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Spades by pogo - http://game1.pogo.co...s-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...r-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...s-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...r-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...h-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...1-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...2-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...s-ob-assets.cab <http://game1.pogo.co...-ob-assets.cab>



:information and logs:

In your next post I need the following

1.let me know about your current antivirus
2.let me know about combofix
3.let me have a new hijackthis log
[/list]
Gringo


#5 Snow

Snow

    Authentic Member

  • Authentic Member
  • PipPip
  • 98 posts

Posted 12 May 2008 - 04:37 AM

We will be keeping our current Anti-Virus package, this End Now process on UIpop..only started recently and we have had this Anti-virus from our server for several years now. As for the Combo Fix...i did the run...it said it dosent exist...i had even tried to remove the icon in safe mode yesterday...still couldnt delete it.

New HJT log .. thank you :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:37 AM, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Bell\Security Manager\PrtlAgt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://activation.s...nadaActiveX.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F04FE050-90DE-4EDD-A719-7CF3EBA4175E} (DetectCtl Class) - http://transition.sy...ystemdetect.cab
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - https://signup.msn.c...ages/msxml3.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe

--
End of file - 10041 bytes

#6 Snow

Snow

    Authentic Member

  • Authentic Member
  • PipPip
  • 98 posts

Posted 15 May 2008 - 06:51 AM

im still getting that UIPOPUPHIDDEN End now process window :pullhair:

#7 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 17 May 2008 - 07:39 AM

Hello Snow

I would like to apologize for not responding sooner. They have had me mad busy at work.

As I said this is related to the software you recieved from your ISP

You can follow the directions found here at the home page of your antivirus software.


http://forums.radial...h...ed&pid=1039


Gringo

Edited by gringo_pr, 17 May 2008 - 07:40 AM.


#8 Snow

Snow

    Authentic Member

  • Authentic Member
  • PipPip
  • 98 posts

Posted 19 May 2008 - 04:50 PM

ok thank you Gringo..i will look into it asap... :) Snow

#9 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 23 May 2008 - 04:26 PM

Hello snow just wondering how did it go? Gringo

#10 Snow

Snow

    Authentic Member

  • Authentic Member
  • PipPip
  • 98 posts

Posted 23 May 2008 - 07:33 PM

Hi Gringo...

sorry i havent gotten back earlier too...i ran a Trendmicro scan earlier this week and found Freeloader-Smitfraud, it deleted it, and Uipopuphidden seems to have disappeared at shutdown since then, dont know if there is a connection to the two, does it make any sense? my net still seems to hang forever once the home page has been loaded (which loads fast) trying to load anything else times out feels like dial up and is very aggravating...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:30 PM, on 23/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Bell\Security Manager\PrtlAgt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://activation.s...nadaActiveX.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F04FE050-90DE-4EDD-A719-7CF3EBA4175E} (DetectCtl Class) - http://transition.sy...ystemdetect.cab
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - https://signup.msn.c...ages/msxml3.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe

    Advertisements

Register to Remove


#11 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 25 May 2008 - 03:33 PM

Hello snow

:Disable AVG Anti-Spyware:

  • Please disable AVG Anti-Spyware until the computer is clean.

  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
  • In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
  • Reply 'no' and set it to 'inactive' for the duration of your cleanup.

Don't forget to re-enable it, when your computer is clean.


:Clean temp files:

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

Under Main choose: Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.
if you use Firefox: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program
[/list]

:uninstall some programs:

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add remove programs
click on the following programs

ewido anti-malware
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1


and click on remove

Reboot the computer now please

: Update Java :

Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.
  • Download the latest version of Java™ SE Runtime Environment 6u6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

:Run Kaspersky Online AV Scanner:

  • Order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply

:information and logs:

In your next post I need the following

1.log from MBAM
2.log from kaspersky
3.new log from Hijackthis
[/list]
Gringo


#12 Snow

Snow

    Authentic Member

  • Authentic Member
  • PipPip
  • 98 posts

Posted 26 May 2008 - 10:23 AM

Hello Gringo...

The AVG isnt working it says its not installed so i didnt do anything with it...i have the MBAM Scan done and the Kapersky also but the only trouble with the Kapersky scan is...a couple years ago we had to reformat the computer and i have the Old Disk Structure on file and it scanned through it all when i went to post the Scan earlier it messed up this forum page and it went blank...is there another way i can skip Old Disk Structure while Kapersky rescans?

here is the results of the other scan and a fresh HJT log...thank you :)

Malwarebytes' Anti-Malware 1.12
Database version: 788

Scan type: Full Scan (C:\|)
Objects scanned: 260503
Time elapsed: 1 hour(s), 26 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:15 PM, on 26/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Bell\Security Manager\PrtlAgt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://activation.s...nadaActiveX.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F04FE050-90DE-4EDD-A719-7CF3EBA4175E} (DetectCtl Class) - http://transition.sy...ystemdetect.cab
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - https://signup.msn.c...ages/msxml3.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe

--
End of file - 9926 bytes

Snow

#13 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 27 May 2008 - 07:39 PM

Hello snow

I realy want to check that all has been cleaned up.

Please try panda onlinescan and send me the report when it is done

: Run Panda Online Scan

Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- Save the log file to your desktop


#14 Snow

Snow

    Authentic Member

  • Authentic Member
  • PipPip
  • 98 posts

Posted 28 May 2008 - 10:27 AM

Hi Gringo...i hope i did this right but i dont think i did, when i clicked for the Panda Scan asked to download the Active x then it started to scan right away, it had a big green Scan Now, i couldnt choose the folders etc..like you asked...this scan took 4hrs since it scanned the My Old Disk Structure as you can see, ive been trying to put that on CD but it wont let me, or even delete it, whenever anything scans it always goes through MODS and it takes forever...this is the result of the scan, the Kaspersky Scan ....is huge since it scanned MODS too...sorry about that i really dont know what else to do with those old files, even tried to put it on a memory stick...wouldnt let me, cant access the files either they are all locked... ANALYSIS: 2008-05-28 12:21:16 PROTECTIONS: 0 MALWARE: 35 SUSPECTS: 1 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00018331 adware/gator Adware No 0 Yes No c:\windows\gatorpdploudinstaller.log 00020255 Exploit/ByteVerify HackTools No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-7ea0a603-1aa5560d.zip[Dummy.class] 00024402 Exploit/iFrame HackTools No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Local Settings\Application Data\IM\Identities\{BF9ED78F-4E6F-47B2-9BA3-D4200007AE94}\Message Store\Deleted Items.imm[~0000048.~][~0000003.~] 00047746 Adware/Lop Adware No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Local Settings\Temp\plaqqvvt.exe 00047746 Adware/Lop Adware No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Application Data\funkforsite\DART COAL ROAD BAIT.exe 00047746 Adware/Lop Adware No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Application Data\funkforsite\ddwrxlxt.exe 00047746 Adware/Lop Adware No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Application Data\funkforsite\Open Mpeg Once.exe 00047746 Adware/Lop Adware No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Local Settings\Temp\gvsoegcr.exe 00098558 W32/Netsky.Q.worm Virus/Worm No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Local Settings\Application Data\IM\Identities\{BF9ED78F-4E6F-47B2-9BA3-D4200007AE94}\Message Store\Deleted Items.imm[~0000048.~][message.pif] 00116420 Exploit/ByteVerify HackTools No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-4804a7ca.zip[Dummy.class] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Application Data\Shockwave.com\Mozilla\Profiles\default\mzcpr91v.slt\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Application Data\Shockwave.com\Mozilla\Profiles\default\mzcpr91v.slt\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Application Data\Shockwave.com\Mozilla\Profiles\default\mzcpr91v.slt\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Application Data\Shockwave.com\Mozilla\Profiles\default\mzcpr91v.slt\cookies.txt[.trafficmp.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.casalemedia.com/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.doubleclick.net/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\MOM\Cookies\mom@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.atdmt.com/] 00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\MOM\Desktop\SDFix.exe[SDFix\apps\Process.exe] 00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\MOM\Desktop\SDFix\apps\Process.exe 00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\MOM\Desktop\Unsed Icons\SDFix\apps\Process.exe 00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe 00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP184\A0026930.exe 00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Application Data\Shockwave.com\Mozilla\Profiles\default\mzcpr91v.slt\cookies.txt[.smni.com/] 00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Application Data\Shockwave.com\Mozilla\Profiles\default\mzcpr91v.slt\cookies.txt[.smni.com/] 00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Application Data\Shockwave.com\Mozilla\Profiles\default\mzcpr91v.slt\cookies.txt[.smni.com/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.tribalfusion.com/] 00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Dan\Cookies\dan@belnk[1].txt 00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Cookies\melanie@belnk[1].txt 00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Diane\Cookies\diane@belnk[1].txt 00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Diane\Cookies\diane@dist.belnk[2].txt 00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Dan\Cookies\dan@dist.belnk[2].txt 00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Cookies\melanie@dist.belnk[2].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Application Data\Shockwave.com\Mozilla\Profiles\default\mzcpr91v.slt\cookies.txt[.xiti.com/] 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Cookies\melanie@xiti[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Cookies\melanie@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[ad.yieldmanager.com/] 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Dan\Cookies\dan@burstnet[1].txt 00168095 Cookie/888 TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Dan\Cookies\dan@888[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\DAN\Application Data\Mozilla\Firefox\Profiles\r5yme8rv.default\cookies.txt[.advertising.com/] 00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Diane\Cookies\diane@adopt.hbmediapro[2].txt 00173545 Cookie/Rn11 TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Diane\Cookies\diane@rn11[2].txt 00188480 Cookie/Paypopup TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Dan\Cookies\dan@paypopup[2].txt 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\xvede95f.default\cookies-1.txt[.adultfriendfinder.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\xvede95f.default\cookies-1.txt[.adultfriendfinder.com/] 00202506 dialer.cso Dialers No 0 Yes No HKEY_CLASSES_ROOT\Interface\{3EB94323-0856-4479-AA22-D81BBFEEA91E} 00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Cookies\melanie@i.screensavers[2].txt 00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Diane\Cookies\diane@i.screensavers[1].txt 00260419 Dialer.GQK Dialers No 0 Yes No C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP178\A0026543.inf 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Diane\Cookies\diane@atwola[1].txt 00366244 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP171\A0026060.exe 02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe 02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\MOM\Desktop\Unsed Icons\SmitfraudFix\Reboot.exe 02423184 Adware/Lop Adware No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Desktop\MsgPlus-301.exe 02477472 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP178\A0026586.exe 02624470 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP201\A0031439.exe 02634745 Application/Playmp3z HackTools No 0 Yes No C:\Documents and Settings\MEL\Desktop\PLAY_MP3.exe 02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Diane\Cookies\diane@h.starware[1].txt 02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\My old Disk Structure -- 05-09-08 0901PM\Documents and Settings\Melanie\Cookies\melanie@h.starware[1].txt ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location ;=============================================================================== ================================================================================ = =================== Yes C:\Documents and Settings\MOM\Desktop\Unsed Icons\MsnVirRem.exe ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = ===================

Edited by Snow, 28 May 2008 - 10:41 AM.


#15 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 29 May 2008 - 07:35 PM

Hello Snow

the folder My old Disk Structure is it needed? or do you want to get rid of it? and it seems to be dated and it has the date from three days after you came here C:\My old Disk Structure -- 05-09-08 well the only things in the logs are from that folder so unless there is something needed in it then follow the directions below to get rid of it


:OTMoveIt2:

  • Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\My old Disk Structure -- 05-09-08 0901PM\
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2


    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

if you have a reason to keep the folder let me know so i can give you more instructions

let me have the log from OTmoveit2


Gringo

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users