Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 16 of 16 Posts

·
Registered
Joined
·
8 Posts
Discussion Starter · #1 ·
I have both the antivermins and [email protected] malware on my computer...I have read a couple of the discussions about how to remove these problems, but would rather take the advice from one of the techs on here. Can someone please help me remove these aggrevating programs. Thanx!
 

·
Retired Trusted Advisor
Joined
·
5,333 Posts
Hi Saddams Ghost,
Are you aware of this Rule that I think applies in this instance?

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name. Anyone wishing to participate in a training program should contact a Moderator for more information.
 

·
Administrator
Joined
·
123,542 Posts
Hi and welcome to TSG,

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #4 ·
Thank you for your help....here is what showed up:

Logfile of HijackThis v1.99.1
Scan saved at 7:30:20 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 

·
Administrator
Joined
·
123,542 Posts
Please download SmitfraudFix (by S!Ri)

Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #6 ·
I also have [email protected] this attached to the other two malware programs?

Here are the results from smit:

SmitFraudFix v2.132

Scan done at 15:13:50.78, Thu 01/11/2007
Run from D:\New Folder\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\cthkpcv.dll FOUND !
C:\WINDOWS\system32\dxole32.exe FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gavin Groves

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gavin Groves\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GAVING~1\FAVORI~1

C:\DOCUME~1\GAVING~1\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\AntiVermins\ FOUND !
C:\Program Files\Security Toolbar\ FOUND !
C:\Program Files\SpywareQuake.com\ FOUND !
C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_CLASSES_ROOT\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
 

·
Administrator
Joined
·
123,542 Posts
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #8 ·
Didn't get the results from cleaning process...here is the new hijack report. Seems to have worked....

Is there anything else that I will need to do??

Logfile of HijackThis v1.99.1
Scan saved at 4:18:27 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 

·
Administrator
Joined
·
123,542 Posts
Go to Control Panel - Add/Remove programs and remove:

NewdotNet

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go HERE to run Panda's ActiveScan
  • You need to use IE to run this scan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #10 ·
AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:53:57 AM 1/13/2007

+ Scan result:

C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP267\A0035377.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP271\A0035472.dll -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP282\A0037697.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP282\A0037698.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP282\A0037699.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP297\A0039146.dll -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : No action taken.
HKU\S-1-5-21-1088002793-1586975299-4223156422-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP293\A0038946.dll -> Adware.WinAntiSpyware : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP293\A0038947.exe -> Adware.WinAntiSpyware : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP293\A0038955.exe -> Adware.WinFixer : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP293\A0038956.exe -> Adware.WinFixer : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039089.dll -> Adware.WorldSecurityOnline : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP282\A0037649.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP282\A0037650.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP282\A0037674.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP282\A0037675.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP283\A0037711.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP283\A0037712.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP283\A0037736.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP283\A0037737.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP284\A0037853.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP284\A0037854.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP284\A0037891.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP284\A0037892.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP289\A0038884.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP289\A0038885.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP293\A0038918.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP293\A0038919.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP293\A0038965.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP293\A0038966.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039070.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039071.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039100.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039104.exe -> Downloader.Zlob.bfj : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP282\A0037648.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP282\A0037673.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP283\A0037710.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP283\A0037735.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP284\A0037852.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP284\A0037890.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP289\A0038883.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP293\A0038916.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP293\A0038964.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039069.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039097.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039098.exe -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039099.dll -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039101.exe -> Downloader.Zlob.biu : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039090.exe -> Downloader.Zlob.rb : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP296\A0039091.exe -> Downloader.Zlob.zk : No action taken.
C:\Documents and Settings\Gavin Groves\Application Data\winantispyware2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Temporary Internet Files\Content.IE5\HUR5LEOM\ad-sp2-fastclick[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : No action taken.
C:\Documents and Settings\Karley Rayne\Local Settings\Temporary Internet Files\Content.IE5\RNXJ3T8W\sp2-cydoor-728[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc105.txt -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc11.txt -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc130.txt -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc64.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Addynamix : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc20.txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][3].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][2].txt -> TrackingCookie.Adrevolver : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc19.txt -> TrackingCookie.Adrevolver : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc103.txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][1].txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc108.txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc21.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][2].txt -> TrackingCookie.Atdmt : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc110.txt -> TrackingCookie.Atdmt : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc26.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc30.txt -> TrackingCookie.Bluestreak : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc113.txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc33.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc48.txt -> TrackingCookie.Doubleclick : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc118.txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][2].txt -> TrackingCookie.Fastclick : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc53.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Liveperson : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc136.txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Masterstats : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc62.txt -> TrackingCookie.Mediaplex : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc71.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Paycounter : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Pointroll : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc75.txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc133.txt -> TrackingCookie.Questionmarket : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc76.txt -> TrackingCookie.Questionmarket : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc140.txt -> TrackingCookie.Realtracker : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc89.txt -> TrackingCookie.Realtracker : No action taken.
C:\Documents and Settings\Joseph Groves\Cookies\joseph [email protected][2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][1].txt -> TrackingCookie.Ru4 : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc122.txt -> TrackingCookie.Ru4 : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc49.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Sexcounter : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Joseph Groves\Cookies\joseph [email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc83.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc84.txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc85.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt -> TrackingCookie.Valuead : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc88.txt -> TrackingCookie.Valueclick : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc137.txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc15.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][2].txt -> TrackingCookie.Zedo : No action taken.
C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc100.txt -> TrackingCookie.Zedo : No action taken.
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP293\A0038944.exe -> Trojan.Fakealert.fb : No action taken.

::Report end
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #11 ·
Panda:

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Joseph Groves\Cookies\joseph [email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Joseph Groves\Cookies\joseph [email protected][2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Joseph Groves\Cookies\joseph [email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Joseph Groves\Cookies\joseph [email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Joseph Groves\Cookies\joseph [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Cookies\joseph [email protected][1].txt
Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\sa656.exe[Spyware-Quake.exe]
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Temporary Internet Files\Content.IE5\KD674XQ7\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Temporary Internet Files\Content.IE5\KD674XQ7\popup[2].htm
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temporary Internet Files\Content.IE5\H54J00TV\protectionssoft[1].htm
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temporary Internet Files\Content.IE5\KEC604B7\protectionssoft[1].htm
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Karley Rayne\Local Settings\Temporary Internet Files\Content.IE5\UMBV6ZYK\PopularScreenSaversFWBInitialSetup1.0.0.15[1].cab
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][3].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kimberly Groves\Local Settings\Temp\Cookies\kimberly [email protected][2].txt
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc102.txt
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc111.txt
Spyware:Cookie/Adrevolver Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc18.txt
Spyware:Cookie/Apmebf Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc25.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc27.txt
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc28.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc29.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc47.txt
Spyware:Cookie/Errorguard Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc50.txt
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc77.txt
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\New Folder\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\New Folder\SmitfraudFix\SmitfraudFix\Process.exe
Again, thank you for helping me.
 

·
Administrator
Joined
·
123,542 Posts
You need to go back and run AVG-AS again and follow my instructions carefully so that it quarantines what it found.

Then run Panda, which it looks like you forgot to do, and post the results of AVG-AS, Panda and a new HijackThis log please.
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #13 ·
I ran panda, it is the post after the first avg scan...when i ran avg scan the first time i "applied all actions" but did not save the report...
Here are the results from the 2nd avg scan:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:40:52 PM 1/13/2007

+ Scan result:

C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP297\A0039173.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP297\A0039174.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA9B38FB-1993-42C2-A0DD-3F494A22996B}\RP297\A0039175.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\gavin [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Gavin Groves\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end

Here is the new HJT scan results:

Logfile of HijackThis v1.99.1
Scan saved at 3:04:23 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 

·
Administrator
Joined
·
123,542 Posts
I'm sorry about the Panda scan. For some reason, I blurred it together with the AVG-AS scan. :eek:

Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    • If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.

        [*]NOTE:
        If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Then run another Panda scan please and post the results.
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #15 ·
Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\[email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\gavin_grov[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Gavin Groves\Cookies\[email protected][1].txt
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Temporary Internet Files\Content.IE5\KD674XQ7\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Joseph Groves\Local Settings\Temp\Temporary Internet Files\Content.IE5\KD674XQ7\popup[2].htm
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc102.txt
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc111.txt
Spyware:Cookie/Adrevolver Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc18.txt
Spyware:Cookie/Apmebf Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc25.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc27.txt
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc28.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc29.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc47.txt
Spyware:Cookie/Errorguard Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc50.txt
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-1088002793-1586975299-4223156422-1007\Dc77.txt
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\New Folder\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\New Folder\SmitfraudFix\SmitfraudFix\Process.exe
 

·
Administrator
Joined
·
123,542 Posts
Go to Control Panel - Add/Remove programs and remove:

Viewpoint

Go to Start- Run – type in CMD and click OK. The MSDOS window will be displayed. At the prompt type the following:

SC Stop "Viewpoint Manager Service"

Then press Enter

Type:

SC Delete "Viewpoint Manager Service"

Then press Enter.

Reboot and post a new HijackThis log please.
 
1 - 16 of 16 Posts
Status
Not open for further replies.
Top