Tech Support Forum > Security Center > HijackThis Log Help
Old 07-17-2008, 12:04 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 6
OS: windowsvista


buffs virus

I had much trouble yesterday trying to implement the directions. When finally in step 5, I was "bounced" off of your site numerous times when I tried to "send" my posting. As of now I have lost all scan reports, so I have nothing to send you. This page "froze" on me last night, and this morning I was unable to have any of your sites respond to my promptings. This has felt like an exercise in futility. Buffy
itswashbuff is offline  
Old 07-17-2008, 06:26 PM   #2 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 6
OS: windowsvista


buffs virus

I have been having difficulty getting online and staying online. When online I am repeatedly "bounced" off, have had the website page "freeze", and have lost emails when I try to send. I have then found emails from my inbox in the trash bin. The problem has gotten progressively worse. Internet Explorer comes on and off regularly. Please help!!!

***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-17 17:43:15
PROTECTIONS: 2
MALWARE: 17
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec Antivirus Corporate Edition 10.2 No Yes
Windows Defender 1.1.3704.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00101555 Application/KillApp.B HackTools No 0 Yes No C:\HP\BIN\EndProcess.exe
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\Low\gold@247realmedia[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\Low\gold@clickbank[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.com.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.bs.serving-sys.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\Low\gold@advertising[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\Low\gold@overture[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\Low\gold@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\gold@atwola[1].txt
02974799 Adware/Naupoint Adware No 0 No No C:\Deckard\System Scanner\backup\Users\Gold\AppData\Local\Temp\vol_bt_all.exe[²èÇ]
03267667 Adware/Megasearch Adware No 0 Yes No C:\Deckard\System Scanner\backup\Users\Gold\AppData\Local\Temp\vol_bt_all.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
itswashbuff is offline  
Old 07-17-2008, 06:29 PM   #3 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 6
OS: windowsvista


Re: buffs virus

I am having trouble attaching additional files. The Manage Attachments says to add; help me do this please. I sent the first due to losing everything in the past.
itswashbuff is offline  
Old 07-17-2008, 07:26 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 18,636
OS: WinXP and Win98se


Re: buffs virus

Hello itswashbuff,

Can you at least copy/paste the contents of the main.txt for me? We can't do anything without seeing some sort of log.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider donating

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 07-17-2008, 07:31 PM   #5 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 6
OS: windowsvista


Re: buffs virus

I sent you what I have. Please tell me I don't have to rescan again???? buff
itswashbuff is offline  
Old 07-17-2008, 07:34 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 18,636
OS: WinXP and Win98se


Re: buffs virus

The Panda results do not tell me enough at all.


The tool I want you to run will only take a minute or so to download if you are on a high speed connection. If you are on dial-up, it may take a couple of minutes.

The tool itself will complete its scan in 10 minutes.


Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

  • main.txt
  • an attached extra.txt
Ried is offline  
Old 07-17-2008, 08:17 PM   #7 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 6
OS: windowsvista


buffsmain text-resend

itswashbuff is offline  
Old 07-17-2008, 08:33 PM   #8 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 6
OS: windowsvista


full text? buff

Deckard's System Scanner v20071014.68
Run by Gold on 2008-07-17 20:09:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gold.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:09 PM, on 7/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Gold\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Gold.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bm...&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Cu...ataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10770 bytes

-- Files created between 2008-06-17 and 2008-07-17 -----------------------------

2008-07-17 18:01:25 0 d-------- C:\Program Files\Trend Micro
2008-07-16 15:05:57 0 d-------- C:\Users\All Users\Windows Genuine Advantage
2008-07-16 13:46:24 0 d-------- C:\ie-spyad_zo
2008-07-16 11:40:04 0 d-------- C:\Program Files\Panda Security
2008-07-13 19:16:31 487424 --a------ C:\Users\Gold\GoToAssist_phone__268_en.exe <Not Verified; Citrix Online; GoToAssist>
2008-06-25 14:24:18 0 d-------- C:\Users\All Users\IM
2008-06-25 14:24:17 0 d-------- C:\Users\All Users\IncrediMail
2008-06-23 10:33:37 557056 --a------ C:\Users\Gold\GoToAssist_phone__317_en.exe <Not Verified; Citrix Online; GoToAssist>


-- Find3M Report ---------------------------------------------------------------

2008-07-17 11:30:01 27240 --a------ C:\Users\Gold\AppData\Roaming\nvModes.001
2008-07-08 22:38:55 0 d-------- C:\Program Files\Windows Mail
2008-06-28 15:01:47 164809 --a------ C:\Windows\hpoins21.dat
2008-06-28 13:41:05 27240 --a------ C:\Users\Gold\AppData\Roaming\nvModes.dat
2008-06-14 12:54:42 0 d-------- C:\Users\Gold\AppData\Roaming\HP
2008-06-14 12:30:05 0 d-------- C:\Program Files\HP
2008-06-14 12:27:36 0 d-------- C:\Program Files\Common Files
2008-06-14 12:27:36 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-14 12:26:54 0 d-------- C:\Program Files\Common Files\HP
2008-06-13 18:20:38 0 d-------- C:\Program Files\Verizon
2008-06-13 18:16:12 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-06-13 17:51:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-13 15:36:53 0 d-------- C:\Users\Gold\AppData\Roaming\GTek
2008-06-12 21:42:35 0 d-------- C:\Users\Gold\AppData\Roaming\vol_toolbar
2008-05-30 20:20:22 0 d-------- C:\Users\Gold\AppData\Roaming\WildTangent
2008-05-21 03:54:47 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 22:33:45 174 --ahs---- C:\Program Files\desktop.ini
2008-05-18 22:22:51 0 d-------- C:\Program Files\Windows Sidebar
2008-05-18 22:22:51 0 d-------- C:\Program Files\Windows Calendar
2008-05-18 22:22:51 0 d-------- C:\Program Files\Movie Maker
2008-05-18 22:22:48 0 d-------- C:\Program Files\Windows Collaboration
2008-05-18 22:22:47 0 d-------- C:\Program Files\Windows Journal
2008-05-18 22:22:46 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-18 22:22:41 0 d-------- C:\Program Files\Windows Defender
2008-05-18 20:44:07 0 d-------- C:\Users\Gold\AppData\Roaming\Apple Computer
2008-05-18 20:43:41 0 d-------- C:\Program Files\iTunes
2008-05-18 20:43:32 0 d-------- C:\Program Files\iPod
2008-05-18 20:42:52 0 d-------- C:\Program Files\Bonjour
2008-05-18 20:42:36 0 d-------- C:\Program Files\QuickTime
2008-05-18 20:38:43 0 d-------- C:\Program Files\Common Files\Apple
2008-05-12 09:22:23 81 --a------ C:\Windows\system32\LOG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
11/05/2007 11:50 PM 542016 --a------ C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 01:29 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [10/02/2007 10:00 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [09/06/2007 02:46 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 12:38 AM]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [09/13/2007 08:47 AM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/08/2007 03:53 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 02:25 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 05:00 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [02/29/2008 03:12 AM C:\WINDOWS\KHALMNPR.Exe]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [05/17/2007 02:45 PM]
"VX1000"="C:\Windows\vVX1000.exe" [04/10/2007 02:46 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/22/2006 03:12 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [11/28/2006 04:34 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/18/2008 05:31 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 08:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 09:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 08:36 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [09/28/2007 01:06 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [09/28/2007 01:06 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [09/28/2007 01:06 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/14/2007 07:17 PM]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [08/22/2007 02:31 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [10/14/2007 6:38:52 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/15/2008 9:19:43 AM]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [10/25/2007 2:08:37 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
HPService HPSLPSVC
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fd18874-209f-11dd-80dc-001b24f57637}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d1507c-20c2-11dd-8a70-806e6f6e6963}]
AutoRun\command- E:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-17 20:09:37 ------------

okies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\Low\gold@247realmedia[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\Low\gold@clickbank[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.com.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.bs.serving-sys.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\Low\gold@advertising[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\Low\gold@overture[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\Low\gold@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Mozilla\Firefox\Profiles\8jaf5h25.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Gold\AppData\Roaming\Microsoft\Windows\Cookies\gold@atwola[1].txt
02974799 Adware/Naupoint Adware No 0 No No C:\Deckard\System Scanner\backup\Users\Gold\AppData\Local\Temp\vol_bt_all.exe[²èÇ]
03267667 Adware/Megasearch Adware No 0 Yes No C:\Deckard\System Scanner\backup\Users\Gold\AppData\Local\Temp\vol_bt_all.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Old 07-20-2008, 05:08 PM   #9
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 24,208
OS: 2000 Pro; XP Pro; XP Home

Re: buffs virus

Hello itswashbuff -

I believe these logs belong in this thread. Ried would not know you posted in a new thread, so I've merged them.

Back to you, Ried.
Old 07-20-2008, 06:56 PM   #10
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 18,636
OS: WinXP and Win98se

Re: buffs virus

Thank you tetonbob.

Unfortunately, I'm not seeing anything malicious in any of these reports.

Has Symantec alerted you to any virus?

When did these issues start?

Do you have the same issue with Firefox?