#1 - 10-08-2006, 11:18 PM - imona286 (Registered User; Join Date: Oct 2006; Posts: 16; OS: Windows XP)

Spyware Removal Pop-ups

Hello, I'm looking for help on getting rid of these pop-ups. They are mostly for different spyware removal programs like WinAntiVirus and SysProtect. They'll usually only come up when I first open an Internet Explorer window. I've run through Ad-Aware multiple times and it usually finds new problems each time that I run it. My HijackThis file is below, and I also have a report from ActiveScan available as well if that would help out at all. Thank you to whoever is helping on these issues!!

--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:38:22 PM, on 10/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rob\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...//espn.go.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [\\BETTY\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P38 "\\BETTY\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwnlfgn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nwnlfgn.dll,tlmbtkf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138081586\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
#2 - 10-09-2006, 07:10 AM - Linkmaster (Analyst, Security Team; Join Date: Jul 2006; Location: Arkansas, USA; Posts: 291; OS: XP Pro)

Hi imona286, welcome to TSF!!
I recommend you Subscribe to this thread (if you have not already done so) so you are notified of any replies via email
To do this :
Click Thread Tools, then click Subscribe to this Thread
Make sure it is set to Instant Notification by email, then click Subscribe


Because some malware is hiding from HijackThis, I need you to rename HijackThis.exe:
Open Windows Explorer
Navigate to C:\Documents and Settings\Rob\Desktop\HijackThis.exe
Right click on HijackThis.exe and select Rename
Type in Analyze.exe and hit Enter
Close Windows Explorer
Reboot
Run Analyze.exe and post a fresh HijackThis log here

Thank you !
__________________
Linkmaster
If I can't find it, it doesn't exist !!


UNITE Member
#3 - 10-09-2006, 07:33 AM - imona286 (Registered User; Join Date: Oct 2006; Posts: 16; OS: Windows XP)

Thanks for checking on this. Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 7:31:14 AM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rob\Desktop\Analyze.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...//espn.go.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B24F5C8-62DD-49F7-87FA-84F41F6B6307} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: (no name) - {730FC317-3AE6-C74E-21A9-0AAD015F46B3} - C:\WINDOWS\system32\afxxzmg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\cxfryvyi.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [\\BETTY\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P38 "\\BETTY\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwnlfgn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nwnlfgn.dll,tlmbtkf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138081586\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhsq32 - winhsq32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
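An added example, not part of the thread and not HijackThis's own logic, for the point Linkmaster's rename makes. The first log above has no O2 or O20 sections at all, while the log taken after HijackThis.exe was renamed to Analyze.exe shows four BHOs and three Winlogon Notify hooks, so something on the box was suppressing those sections for a process named HijackThis.exe. The script below diffs the two logs (sample lines abridged from the logs posted above) and applies a few triage heuristics of its own: "(file missing)", unnamed BHOs, Winlogon Notify hooks, and DLLs in system32 with nearly vowel-free names. The KNOWN_GOOD_DLLS allowlist and the vowel-ratio threshold are this example's assumptions, not published rules.

```python
"""Diff two HijackThis 1.99.1 logs and flag entries that match common
rogue-antispyware tells. Added example; heuristics are this example's own."""
import re

# Abridged from the first log posted above (scanner still named HijackThis.exe)
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwnlfgn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nwnlfgn.dll,tlmbtkf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: .protected
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
# Abridged from the second log (same machine, scanner renamed to Analyze.exe)
LOG_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5B24F5C8-62DD-49F7-87FA-84F41F6B6307} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: (no name) - {730FC317-3AE6-C74E-21A9-0AAD015F46B3} - C:\WINDOWS\system32\afxxzmg.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwnlfgn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nwnlfgn.dll,tlmbtkf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: .protected
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhsq32 - winhsq32.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

SECTION_RE = re.compile(r"^(R\d|O\d+) - ")
DLL_RE = re.compile(r"([A-Za-z0-9_\-]+\.dll)", re.IGNORECASE)

# Assumed allowlist: DLLs this example treats as legitimate on XP SP2.
# Not an authoritative list; extend it per machine.
KNOWN_GOOD_DLLS = {"wgalogon.dll", "nvcpl.dll", "nvmctray.dll"}


def parse_log(text):
    """Return the entry lines (R0/O2/O4/... sections) of a HijackThis log."""
    return [ln.strip() for ln in text.splitlines() if SECTION_RE.match(ln.strip())]


def section_of(entry):
    return entry.split(" - ", 1)[0]


def new_entries(before_text, after_text):
    """Entries present in the second log that the first log did not contain."""
    seen = set(parse_log(before_text))
    return [e for e in parse_log(after_text) if e not in seen]


def random_looking(dll_name):
    """Crude tell: fewer than 20% vowels in the file stem (assumed threshold)."""
    stem = dll_name.rsplit(".", 1)[0]
    letters = [c.lower() for c in stem if c.isalpha()]
    if len(letters) < 4:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2


def triage(entry):
    """List the reasons an entry deserves a look; empty list means nothing seen."""
    reasons = []
    sec = section_of(entry)
    dlls = [d.lower() for d in DLL_RE.findall(entry)]
    if any(d in KNOWN_GOOD_DLLS for d in dlls):
        return reasons
    if "(file missing)" in entry:
        reasons.append("registered but file missing: stale hook or already-removed payload")
    if sec == "O2" and "(no name)" in entry:
        reasons.append("BHO with no name, loaded into every IE window")
    if sec == "O20":
        reasons.append("Winlogon Notify hook: DLL loads inside winlogon.exe at every logon")
    if any("system32" in entry.lower() and random_looking(d) for d in dlls):
        reasons.append("random-looking DLL name in system32")
    return reasons


def report(before_text, after_text):
    """Map each noteworthy entry of the second log to its reasons."""
    new = set(new_entries(before_text, after_text))
    out = {}
    for entry in parse_log(after_text):
        reasons = triage(entry)
        if entry in new:
            reasons = ["hidden from the un-renamed scanner (absent from first log)"] + reasons
        if reasons:
            out[entry] = reasons
    return out


if __name__ == "__main__":
    for entry, reasons in report(LOG_BEFORE, LOG_AFTER).items():
        print(entry)
        for why in reasons:
            print("    ->", why)
```

Run it as-is to see the flagged entries, or feed parse_log two saved logs for a real pair. The vowel heuristic is deliberately crude (it would flag nvcpl.dll without the allowlist), so treat a hit as a prompt to look the file up, not as a verdict.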
#4 - 10-09-2006, 09:33 AM - Linkmaster (Analyst, Security Team; Join Date: Jul 2006; Location: Arkansas, USA; Posts: 291; OS: XP Pro)

You may wish to print out a copy of these instructions to follow while you complete this procedure

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender.
Click on Tools, General Settings
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender
After all of the fixes are complete, it is very important that you enable Real-time Protection again

I need you to download some programs to aid in our fix: Do Not Run Them Yet

Download SmitfraudFix© by S!Ri to your Desktop.
Extract all the files to your Desktop
A folder named SmitfraudFix will be created

Download ATF (Atribune Temp File) Cleaner© by Atribune

Download and Install AVG Anti-Spyware© by Grisoft

Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : Registry cleaning - Do you want to clean the registry ? answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll
Answer Yes to the question Replace infected file ? by typing Y and hit Enter.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed
A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot back into Safe Mode.

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program

Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will be prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Now close AVG Anti-Spyware

Reboot into Normal Mode

Please run Panda's ActiveScan and perform a full system scan.
Once you are on the Panda site click the Scan your PC button (be sure to disable your popup blocker first)
A new window will open...click the big Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
Click on Local Disks to start the scan
Click on see report Then click Save report

Post a fresh HijackThis log, the AVG Anti-Spyware log, the Panda Scan log and the contents of the rapport.txt file here
(You may need to use several replies as the logs may be cut off)

Thank you !
#5 - 10-09-2006, 10:09 PM - imona286 (Registered User; Join Date: Oct 2006; Posts: 16; OS: Windows XP)

New HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 10:08:30 PM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Documents and Settings\Rob\Desktop\Analyze.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0F0A74-F196-495A-8D6B-0912DE9D7F49} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {730FC317-3AE6-C74E-21A9-0AAD015F46B3} - C:\WINDOWS\system32\afxxzmg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\cxfryvyi.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [\\BETTY\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P38 "\\BETTY\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwnlfgn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nwnlfgn.dll,tlmbtkf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138081586\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhsq32 - winhsq32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
#6 - 10-09-2006, 10:10 PM - imona286 (Registered User; Join Date: Oct 2006; Posts: 16; OS: Windows XP)

AVG Anti-Spyware log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 958 PM 10/9/2006

+ Scan result:



I:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP316\A0023674.exe -> Adware.Altnet : Cleaned.
I:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP316\A0023685.dll -> Adware.Altnet : Cleaned.
I:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned.
I:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP316\A0023684.exe -> Adware.PurityScan : Cleaned.
C:\Downloads\MLBcomShuffleSetup-dm[1].exe -> Adware.Trymedia : Cleaned.
I:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP316\A0023679.exe -> Downloader.Agent.e : Cleaned.
I:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP316\A0023689.ocx -> Downloader.Agent.e : Cleaned.
C:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP313\A0023656.exe -> Downloader.Zlob.anw : Cleaned.
C:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP317\A0024671.exe -> Downloader.Zlob.anw : Cleaned.
C:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP346\A0026891.exe -> Downloader.Zlob.anw : Cleaned.
C:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP320\A0024727.exe -> Downloader.Zlob.aod : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\aaardaqe.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\apqhqtno.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\bntjttfo.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\brretuxr.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\ewqukowh.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\ffkscnpt.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\fvciwimw.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\jfmlqybf.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\knfpkflb.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\qnwbptxg.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\qseryyjq.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\tyeudckf.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\uuflbwbh.dll -> Logger.VBStat.e : Cleaned.
C:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP317\A0024673.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned.
C:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP320\A0024729.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned.
C:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP321\A0024836.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned.
C:\System Volume Information\_restore{BFAA9769-E593-4AAF-AB8E-293FAF3DE65F}\RP323\A0024874.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned.
:mozilla.113:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.29:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@ads18.bpath[1].txt -> TrackingCookie.Bpath : Cleaned.
:mozilla.6:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.8:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.82:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@com[1].txt -> TrackingCookie.Com : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@com[3].txt -> TrackingCookie.Com : Cleaned.
:mozilla.28:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@www2.enigmasoftwaregroup[1].txt -> TrackingCookie.Enigmasoftwaregroup : Cleaned.
:mozilla.86:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.87:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.88:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.89:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.90:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4olc5efoaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkowod5oaoaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4qlcpwgpq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyshcjodpg2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4gpajgcpg2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiajczahpqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyumc5wkqqsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycndjaapaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.47:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.50:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.51:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.116:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.72:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.73:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.74:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.75:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.117:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@www.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@specificpop[2].txt -> TrackingCookie.Specificpop : Cleaned.
:mozilla.124:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.125:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.126:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.130:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.34:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.35:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.36:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.37:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.38:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.39:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.40:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.41:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.43:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.45:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@programs.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned.
I:\Documents and Settings\Rob\Cookies\rob@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
:mozilla.48:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\v62icapt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\cxfryvyi.dll -> Trojan.BHO.g : Cleaned.


::Report end
imona286 is offline  
Old 10-09-2006, 10:11 PM   #7 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 16
OS: Windows XP


Panda scan log

Incident Status Location

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Rob\Cookies\rob@apmebf[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Rob\Cookies\rob@go[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Rob\Cookies\rob@qksrv[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rob\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rob\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\funvcjmo.exe
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
Spyware:Cookie/Bluestreak Not disinfected I:\FOUND.001\FILE0024.CHK
Spyware:Cookie/Adserver Not disinfected I:\FOUND.001\FILE0238.CHK
Spyware:Cookie/CentrPort Not disinfected I:\FOUND.001\FILE0540.CHK
Spyware:Cookie/WebPower Not disinfected I:\FOUND.001\FILE0723.CHK
Spyware:Cookie/Kount Not disinfected I:\FOUND.001\FILE1129.CHK
Spyware:Cookie/Rightmedia Not disinfected I:\FOUND.001\FILE1151.CHK
Spyware:Cookie/TeensForCash Not disinfected I:\FOUND.001\FILE1196.CHK
Spyware:Cookie/TeensForCash Not disinfected I:\FOUND.001\FILE1197.CHK
Spyware:Cookie/Go Not disinfected I:\FOUND.001\FILE1316.CHK
Spyware:Cookie/FastClick Not disinfected I:\FOUND.001\FILE1728.CHK
Spyware:Cookie/Casalemedia Not disinfected I:\FOUND.001\FILE1729.CHK
Spyware:Cookie/Traffic Marketplace Not disinfected I:\FOUND.001\FILE1793.CHK
Spyware:Cookie/Go Not disinfected I:\FOUND.001\FILE1814.CHK
Spyware:Cookie/Tickle Not disinfected I:\FOUND.001\FILE1851.CHK
Spyware:Cookie/SpywareStormer Not disinfected I:\FOUND.001\FILE1891.CHK
Spyware:Cookie/Atwola Not disinfected I:\FOUND.001\FILE1925.CHK
Spyware:Cookie/adultfriendfinder Not disinfected I:\FOUND.001\FILE1939.CHK
Spyware:Cookie/WebPower Not disinfected I:\FOUND.001\FILE2454.CHK
Spyware:Cookie/Socalcoeds Not disinfected I:\FOUND.001\FILE3036.CHK
Spyware:Cookie/myaffiliateprogram Not disinfected I:\FOUND.001\FILE3301.CHK
Spyware:Cookie/BurstNet Not disinfected I:\FOUND.001\FILE3747.CHK
Spyware:Cookie/FreshAuditionsDating Not disinfected I:\FOUND.001\FILE4092.CHK
Spyware:Cookie/BurstNet Not disinfected I:\FOUND.001\FILE4128.CHK
Spyware:Cookie/BurstBeacon Not disinfected I:\FOUND.001\FILE4129.CHK
Spyware:Cookie/Go Not disinfected I:\FOUND.001\FILE4324.CHK
Spyware:Cookie/myaffiliateprogram Not disinfected I:\FOUND.001\FILE4329.CHK
Spyware:Cookie/Banner Not disinfected I:\FOUND.001\FILE4368.CHK
Spyware:Cookie/Target Not disinfected I:\FOUND.001\FILE4408.CHK
Spyware:Cookie/QuestionMarket Not disinfected I:\FOUND.001\FILE4499.CHK
Spyware:Cookie/Zedo Not disinfected I:\FOUND.001\FILE4530.CHK
Spyware:Cookie/Go Not disinfected I:\FOUND.001\FILE4578.CHK
Spyware:Cookie/Go Not disinfected I:\FOUND.002\FILE0001.CHK
Spyware:Cookie/Go Not disinfected I:\FOUND.005\FILE0001.CHK
Spyware:Cookie/Go Not disinfected I:\FOUND.007\FILE0074.CHK
Spyware:Spyware/BetterInet Not disinfected I:\Program Files\Common Files\SearchUpgrader\system.cfg
Spyware:Cookie/Go Not disinfected I:\FOUND.010\FILE0000.CHK
Spyware:Cookie/Go Not disinfected I:\FOUND.011\FILE0001.CHK
Adware:Adware/BuddyLinks Not disinfected I:\Documents and Settings\Rob\Local Settings\Temp\nr_install.exe[ru.exe]
Adware:Adware/BuddyLinks Not disinfected I:\Documents and Settings\Rob\Local Settings\Temp\nr_install.exe[shell.exe]
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Local Settings\Temp\~DFBAE3.tmp
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Local Settings\Temp\~DF503F.tmp
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Local Settings\Temp\Cookies\rob@go[3].txt
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Local Settings\Temp\Cookies\rob@go[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected I:\Documents and Settings\Rob\Cookies\rob@desktop.kazaa[2].txt
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Cookies\rob@go[1].txt
Spyware:Cookie/Banner Not disinfected I:\Documents and Settings\Rob\Cookies\rob@banner[1].txt
Spyware:Cookie/Rn11 Not disinfected I:\Documents and Settings\Rob\Cookies\rob@rn11[2].txt
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Cookies\rob@go[9].txt
Spyware:Cookie/Rightmedia Not disinfected I:\Documents and Settings\Rob\Cookies\rob@rightmedia[1].txt
Spyware:Cookie/Barelylegal Not disinfected I:\Documents and Settings\Rob\Cookies\rob@c.fsx[1].txt
Spyware:Cookie/Rn11 Not disinfected I:\Documents and Settings\Rob\Cookies\rob@rn11[1].txt
Spyware:Cookie/888 Not disinfected I:\Documents and Settings\Rob\Cookies\rob@888[2].txt
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Cookies\rob@go[4].txt
Spyware:Cookie/GangbangSquad Not disinfected I:\Documents and Settings\Rob\Cookies\rob@www.gangbangsquad[2].txt
Spyware:Cookie/TeensForCash Not disinfected I:\Documents and Settings\Rob\Cookies\rob@teensforcash[1].txt
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Cookies\rob@go[3].txt
Spyware:Cookie/64.62.232 Not disinfected I:\Documents and Settings\Rob\Cookies\rob@64.62.232[2].txt
Spyware:Cookie/Atwola Not disinfected I:\Documents and Settings\Rob\Cookies\rob@atwola[1].txt
Spyware:Cookie/TeensForCash Not disinfected I:\Documents and Settings\Rob\Cookies\rob@www.teensforcash[1].txt
Spyware:Cookie/WebPower Not disinfected I:\Documents and Settings\Rob\Cookies\rob@webpower[1].txt
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Cookies\rob@go[13].txt
Spyware:Cookie/Gorillanation Not disinfected I:\Documents and Settings\Rob\Cookies\rob@ads.gorillanation[1].txt
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Cookies\rob@go[6].txt
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Cookies\rob@go[7].txt
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Rob\Cookies\rob@go[8].txt
Spyware:Cookie/Kazaa Networks Not disinfected I:\Documents and Settings\Rob\Cookies\rob@desktop.kazaa[3].txt
Spyware:Cookie/OfferOptimizer Not disinfected I:\Documents and Settings\Rob\Cookies\rob@offeroptimizer[1].txt
Spyware:Cookie/Rightmedia Not disinfected I:\Documents and Settings\Rob\Cookies\rob@rightmedia[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected I:\Documents and Settings\Rob\Cookies\anyuser@offeroptimizer[1].txt
Spyware:Cookie/Atwola Not disinfected I:\Documents and Settings\Rob\Cookies\rob@atwola[3].txt
Spyware:Cookie/TeensForCash Not disinfected I:\Documents and Settings\Rob\Cookies\rob@www.teensforcash[2].txt
imona286 is offline  