Old 04-22-2007, 08:06 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 27
OS: Windows XP


Viewpoint/Grokster keep reappearing

So after Viewpoint started reappearing rather irregularly, and Grokster keeps showing up in Pest Patrol, I figured I should post the HijackThis log and see what happens. All five steps have been completed, and all Windows updates also completed.

Per instructions, the extra file will be attached.

Deckard's System Scanner v20070411.38
Run by Owner on 2007-04-22 at 21:54:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2007-04-23 01:54:11 UTC - RP593 - Deckard's System Scanner Restore Point
11: 2007-04-22 01:25:59 UTC - RP592 - System Checkpoint
10: 2007-04-21 01:09:10 UTC - RP591 - System Checkpoint
9: 2007-04-19 20:44:41 UTC - RP590 - System Checkpoint
8: 2007-04-18 13:41:02 UTC - RP589 - Installed Veoh Player


-- First Restore Point --
1: 2007-04-11 11:32:07 UTC - RP582 - Installed HP Update


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:58:14 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\MAINTE~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v47...t/brickout.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/do...e_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://www.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47.../blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1128476816781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146194990968
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys
R1 VETEFILE (VET File Scan Engine) - c:\windows\system32\drivers\vetefile.sys
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys
R2 X4HSX32 - c:\program files\gametap\bin\release\x4hsx32.sys
R3 ltmodem5 (Agere Modem Driver) - c:\windows\system32\drivers\ltmdmnt.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
R3 Ps2 - c:\windows\system32\drivers\ps2.sys
R3 SAMFILT - c:\windows\system32\drivers\samfilt.sys
R3 VETEBOOT (VET Boot Scan Engine) - c:\windows\system32\drivers\veteboot.sys

S0 viaagp1 (VIA AGP Filter) - c:\windows\system32\drivers\viaagp1.sys (file missing)
S2 nvcap (nVidia WDM Video Capture (universal)) - c:\windows\system32\drivers\nvcap.sys
S2 NVXBAR (nVidia WDM A/V Crossbar) - c:\windows\system32\drivers\nvxbar.sys
S3 ATWPKT2 - c:\windows\system32\drivers\atwpkt2.sys (file missing)
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys
S3 S3Psddr - c:\windows\system32\drivers\s3gnbm.sys
S3 SiS315 - c:\windows\system32\drivers\sisgrp.sys
S3 viagfx - c:\windows\system32\drivers\vtmini.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CAISafe - c:\program files\ca\etrust ez armor\etrust ez antivirus\isafe.exe
R2 MSSQL$MICROSOFTBCM - c:\program files\microsoft sql server\mssql$microsoftbcm\binn\sqlservr.exe -smicrosoftbcm
R2 VETMSGNT (VET Message Service) - c:\program files\ca\etrust ez armor\etrust ez antivirus\vetmsg.exe

S2 sp_clamsrv (Spyware Terminator Clam Service) - c:\program files\winclamavshield\sp_clamsrv.exe (file missing)
S3 SQLAgent$MICROSOFTBCM - c:\program files\microsoft sql server\mssql$microsoftbcm\binn\sqlagent.exe -i microsoftbcm
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs


-- Scheduled Tasks -------------------------------------------------------------

2007-04-21 10:04:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-03-22 and 2007-04-22 -----------------------------

2007-04-22 21:38:44 21312 --a------ C:\WINDOWS\choice.exe
2007-04-22 21:38:03 0 d-------- C:\ie-spyad
2007-04-22 21:33:10 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-04-22 21:27:48 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-22 16:14:37 0 d-------- C:\WINDOWS\LastGood
2007-04-21 06:36:56 34688 --a------ C:\WINDOWS\system32\drivers\samfilt.sys
2007-04-21 06:12:34 798773 --a------ C:\WINDOWS\system32\MFCO42D.DLL
2007-04-21 06:12:32 24576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-04-21 06:12:32 401484 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-04-21 06:12:32 929844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2007-04-21 05:45:19 0 d-------- C:\Program Files\Course Technology<COURSE~1>
2007-04-20 20:43:51 0 d-------- C:\Documents and Settings\Tina\Application Data\Avant Profiles<AVANTP~1>
2007-04-19 15:37:39 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-19 10:47:19 0 d-------- C:\WINDOWS\NV17803100.TMP<NV1780~1.TMP>
2007-04-19 10:46:35 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-04-19 10:45:27 0 d-------- C:\NVIDIA
2007-04-19 09:00:58 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-04-18 00:14:02 0 d-------- C:\Program Files\Veoh Networks<VEOHNE~1>
2007-04-17 21:15:40 0 d-------- C:\Documents and Settings\Tina\Application Data\DivX
2007-04-17 00:54:40 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-04-15 19:11:44 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-04-10 19:32:13 0 d-------- C:\WINDOWS\vbSkinner<VBSKIN~1>
2007-04-10 19:31:44 286720 -----n--- C:\WINDOWS\Setup1.exe
2007-04-10 19:31:34 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-04-10 06:24:27 0 d-------- C:\Program Files\Common Files\Viewpoint<VIEWPO~1>
2007-04-02 23:08:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Avant Profiles<AVANTP~1>
2007-04-02 07:18:53 0 d-------- C:\Documents and Settings\Tina\Application Data\Spyware Terminator<SPYWAR~1>
2007-04-02 07:18:51 0 d-------- C:\Documents and Settings\Tina\Application Data\SiteAdvisor<SITEAD~1>
2007-04-02 00:38:29 0 d-------- C:\Documents and Settings\LocalService\Application Data\Spyware Terminator<SPYWAR~1>
2007-04-01 21:56:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor<SITEAD~1>
2007-04-01 21:55:24 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2007-04-01 21:53:28 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor<SITEAD~1>
2007-04-01 21:53:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor<SITEAD~1>
2007-04-01 21:53:28 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-04-01 17:43:49 0 d-------- C:\Program Files\Avant Browser<AVANTB~1>
2007-03-27 19:05:12 0 d-------- C:\Documents and Settings\Tina\Application Data\U3
2007-03-27 03:55:57 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-03-27 03:55:48 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 03:55:23 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 03:55:23 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 03:49:07 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 03:49:07 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 03:49:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 03:49:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 03:49:02 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 03:49:02 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 03:49:02 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 03:49:02 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 03:48:59 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-03-27 03:48:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-03-27 03:48:58 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-03-27 03:48:58 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-03-25 22:23:10 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2007-03-25 22:23:05 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>


-- Find3M Report ---------------------------------------------------------------

2007-04-22 20:19:11 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-04-22 20:04:17 0 d-------- C:\Program Files\iTunes
2007-04-22 19:33:05 0 d-------- C:\Program Files\Common Files\Scanner
2007-04-21 05:45:19 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-19 10:38:00 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-04-17 05:01:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-04-15 19:12:56 0 d-------- C:\Program Files\DivX
2007-04-11 07:32:09 0 d-------- C:\Program Files\HP
2007-04-09 21:28:29 0 d-------- C:\Program Files\Java
2007-03-27 03:55:31 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 03:55:31 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-03-18 11:40:35 0 d-------- C:\Program Files\Azureus
2007-03-17 10:09:40 0 d-------- C:\Program Files\iPod
2007-03-17 09:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-16 21:59:41 0 d-------- C:\Program Files\Warcraft III<WARCRA~1>
2007-03-09 21:28:53 0 d-------- C:\Program Files\MSBuild
2007-03-09 21:22:43 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-03-09 14:46:00 1734 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 17:30:49 0 d-------- C:\Program Files\Enterbrain<ENTERB~1>
2007-03-07 17:28:36 0 d-------- C:\Program Files\Common Files\Enterbrain<ENTERB~1>
2007-03-05 19:25:19 0 d-------- C:\Program Files\WON
2007-03-04 12:44:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Avant Browser<AVANTB~1>
2007-03-04 12:39:27 0 d-------- C:\Program Files\Three Rings Design<THREER~1>
2007-03-04 12:38:00 0 d-------- C:\Program Files\PartyGaming.Net<PARTYG~1.NET>
2007-03-04 12:27:45 0 d-------- C:\Program Files\Common Files\AOL
2007-03-04 12:25:48 0 d-------- C:\Documents and Settings\Owner\Application Data\AOL
2007-03-04 12:05:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
2007-03-04 11:07:45 0 d-------- C:\Program Files\PCPitstop<PCPITS~1>
2007-03-03 12:55:49 0 d-------- C:\Program Files\GameTap
2007-03-03 00:44:16 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-02-28 07:14:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint<VIEWPO~1>
2007-02-15 21:40:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-02-05 16:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-22 21:00:17 55567 --a------ C:\WINDOWS\War3Unin.dat
2007-01-22 20:39:13 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-01-22 20:39:13 139264 --a------ C:\WINDOWS\War3Unin.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"LTMSG"="LTMSG.exe 7"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"QOELOADER"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust Anti-Spam\\QSP-2.1.215.5\\QOELoader.exe\""
"CaAvTray"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"Zone Labs Client"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Firewall\\ca.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"eTrustPPAP"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust PestPatrol\\PPActiveDetection.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Free WebSite Tools.lnk"
"backup"="C:\\WINDOWS\\pss\\Free WebSite Tools.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COFFEE~1\\COFFEE~1\\THIRTY~1.EXE "
"item"="Free WebSite Tools"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Monitor Apache Servers.lnk"
"backup"="C:\\WINDOWS\\pss\\Monitor Apache Servers.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\APACHE~1\\Apache2\\bin\\APACHE~1.EXE "
"item"="Monitor Apache Servers"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1129553603\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=dword:00000003
"SCardSvr"=dword:00000003
"SCardDrv"=dword:00000003
"mnmsrvc"=dword:00000003
"IDriverT"=dword:00000003
"ERSvc"=dword:00000002
"AOL TopSpeedMonitor"=dword:00000002
"AOL ACS"=dword:00000002
"Avg7UpdSvc"=dword:00000002
"Avg7Alrt"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{367BDF4B-04E5-46C9-9D83-D68307F659E3}"="NSIS Media Extension"
"{A7B0163F-CC73-4E7C-9614-55D4C553ECE1}"="NSIS Media Extension"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59bef116-34e8-11da-940b-806d6172696f}]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b4ea6b8-dcb7-11db-b34c-000c76880253}]
Shell\AutoRun\command I:\LaunchU3.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc85f496-f6e4-11da-926e-00038a000015}]
Shell\AutoRun\command G:\setupSNK.exe


-- End of Deckard's System Scanner: finished at 2007-04-22 at 21:59:24 ---------
Attached Files
File Type: txt extra.txt (16.4 KB, 1 views)
Keradon is offline  
Old 04-22-2007, 08:13 PM   #2 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 27
OS: Windows XP


Re: Viewpoint/Grokster keep reappearing

Gah! Sorry, forgot the Panda Activescan log!

Here it is -


Incident Status Location

Adware:adware/azesearch Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgt9d67a.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgt9d67a.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgt9d67a.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgt9d67a.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgt9d67a.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.zedo.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.ads.addynamix.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.burstnet.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[www.burstbeacon.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.perf.overture.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.go.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.target.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.mediaplex.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.bluestreak.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.atwola.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.as-eu.falkag.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[statse.webtrendslive.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[data.coremetrics.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.bfast.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.linksynergy.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.tickle.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.bravenet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.com.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.gostats.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.qksrv.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies-1.txt[.maxserving.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[hc2.humanclick.com/hc/79430329]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[server.iad.liveperson.net/hc/54687191]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.target.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.com.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\1qhlcu0t.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tina\Cookies\tina@go[1].txt
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Adware:Adware/Cydoor Not disinfected C:\WINDOWS\system32\1165159177.exe[¦%%\nvritf.dll]
Adware:Adware/PornStop Not disinfected C:\WINDOWS\system32\1165159177.exe[¦%%\avtmskii.dll]
Adware:Adware/Zango Not disinfected C:\WINDOWS\system32\1165779154.exe
Adware:Adware/Zango Not disinfected C:\WINDOWS\system32\1165782693.exe
Adware:Adware/PornStop
Keradon is offline  
Old 04-24-2007, 08:08 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 27
OS: Windows XP


Re: Viewpoint/Grokster keep reappearing

48 hour bump-

One other unusual behavior I'll note now is the tendency of my machine to lock up when playing any video.
Keradon is offline  
Old 04-28-2007, 07:25 AM   #4 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 27
OS: Windows XP


Re: Viewpoint/Grokster keep reappearing

48 hour bump-
Keradon is offline  
Old 04-30-2007, 01:26 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 27
OS: Windows XP


Re: Viewpoint/Grokster keep reappearing

48 hour bump
Keradon is offline  
Old 05-02-2007, 06:55 AM   #6 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 27
OS: Windows XP


Re: Viewpoint/Grokster keep reappearing

48 hour bump
Keradon is offline  
Old 05-02-2007, 07:43 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: Viewpoint/Grokster keep reappearing

Hello Keradon and welcome to TSF,

Our apologies for the oversight of your thread. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

--------------------------------------------------------------------

Uninstall the older versions of Java via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) as they are no longer necessary and continue to pose a security risk:

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_09


**Leave Java(TM) SE Runtime Environment 6 Update 1 intact.


-------