Several Viruses Keep Popping Up


  • This topic is locked
8 replies to this topic

#1 outqast

  • Members
  • 38 posts

Posted 04 March 2008 - 02:17 AM

every once in a while...

I am going to post logs for both my home and work computers because they both have viruses on them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:50 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\WebRoot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\fyfchu\Desktop\stinger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] "C:\WINDOWS\system32\PDesk\PDesk.exe" /Autolaunch
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.67.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199843649031
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - https://kronweb.stanford.edu/WFC/plugins/j2...dows-i586-p.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6B255D5-A477-4C3C-99DB-F73B046A7AD0}: NameServer = 128.111.1.2,128.111.1.1
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\WebRoot\Spy Sweeper\SpySweeper.exe

--
End of file - 8898 bytes

#2 teacup61

  • Malware Response Team
  • 17,075 posts

Posted 22 March 2008 - 10:51 AM

Hi Emmon,

Tell me what all you've done to this computer since you posted the log so I'll know where to go from here. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 outqast

  • Topic Starter
  • Members
  • 38 posts

Posted 22 March 2008 - 02:08 PM

I have not done much to this computer since I posted this... entering grades, email, etc. I've run Spybot S&D a couple of times... Here is an updated HijackThis log: Every week or so, a virus log pops up for Norton AntiVirus and Norton attempts to quarantine the viruses and fails. This is an older computer which was donated to me by my dad, so I do not really know what is on it. I just use it for grades and email basically.

Thanks,

hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:08 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PGPsdkServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\WebRoot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\conime.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] "C:\WINDOWS\system32\PDesk\PDesk.exe" /Autolaunch
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.67.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199843649031
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - https://kronweb.stanford.edu/WFC/plugins/j2...dows-i586-p.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6B255D5-A477-4C3C-99DB-F73B046A7AD0}: NameServer = 128.111.1.2,128.111.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\WebRoot\Spy Sweeper\SpySweeper.exe

--
End of file - 8925 bytes

#4 teacup61

  • Malware Response Team
  • 17,075 posts

Posted 23 March 2008 - 01:22 PM

Hi there,

Nothing malicious there, but let's clean a bit and see. :thumbsup:

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser:
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
  • For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download AVG Anti-Spyware Free Edition and save that file to your desktop.

This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the top of the main screen select the "Update" icon, then under the "Manual update" section click the "Start update" button.
  • The update will start and a progress bar will show the updates being installed.
  • Once the update has completed (the progress bar will display "Update successful!") select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the "Settings" screen:
    • Click on "Recommended actions" -> select "Quarantine".
    • Under "Reports:" -> select "Do not automatically generate reports".
  • Close AVG Anti-Spyware. Please do NOT run a scan yet!
Next, please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select the "Apply all actions" button. AVG Anti-Spyware will then display "All actions have been applied" on the right hand side.
    • Next select the "Save Report" button at the bottom.
    • Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
  • Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply, along with a new HijackThis log.
Thanks,
tea

#5 outqast

  • Topic Starter
  • Members
  • 38 posts

Posted 24 March 2008 - 05:22 PM

tea,

Two comments. I messed up and accidentally saved the log before I quarantined/deleted everything for AVG. I'm not sure how that affects your interpretation of the log. Secondly, the computer seems to be running SLOWER since running the scan.

Thanks,

Emmon

Here is the hijackthis report..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:22 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\WebRoot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] "C:\WINDOWS\system32\PDesk\PDesk.exe" /Autolaunch
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.67.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199843649031
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - https://kronweb.stanford.edu/WFC/plugins/j2...dows-i586-p.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6B255D5-A477-4C3C-99DB-F73B046A7AD0}: NameServer = 128.111.1.2,128.111.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\WebRoot\Spy Sweeper\SpySweeper.exe

--
End of file - 9155 bytes

Here is the AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:04:16 PM 3/24/2008

+ Scan result:



C:\backup\Documents and Settings\ruven\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : No action taken.
C:\backup\Documents and Settings\ruven\My Documents\GDiVX1.9.9.6.exe -> Adware.GigatechSuperBar : No action taken.
C:\backup\blaster\Program Files\FirstLook\FirstLook.exe -> Adware.NewDotNet : No action taken.
C:\backup\blaster\Program Files\NewDotNet\newdotnet4_50.dll -> Adware.NewDotNet : No action taken.
C:\backup\blaster\Program Files\NewDotNet\uninstall4_50.exe -> Adware.NewDotNet : No action taken.
C:\backup\Documents and Settings\ruven\Local Settings\Temp\p2psetup.exe -> Adware.P2PNet : No action taken.
C:\backup\blaster\_RESTORE\ARCHIVE\FS188.CAB/A0018877.CPY -> Adware.WebHancer : No action taken.
C:\backup\blaster\_RESTORE\ARCHIVE\FS188.CAB/A0018882.CPY/Webhdll.dll -> Adware.WebHancer : No action taken.
C:\backup\blaster\_RESTORE\ARCHIVE\FS188.CAB/A0018882.CPY/WhAgent.exe -> Adware.WebHancer : No action taken.
C:\backup\blaster\_RESTORE\ARCHIVE\FS188.CAB/A0018882.CPY/wbhshare.dll -> Adware.WebHancer : No action taken.
C:\backup\blaster\_RESTORE\ARCHIVE\FS188.CAB/A0018882.CPY/whAgent.inf -> Adware.WebHancer : No action taken.
C:\backup\blaster\_RESTORE\ARCHIVE\FS188.CAB/A0018882.CPY/whInstaller.exe -> Adware.WebHancer : No action taken.
C:\backup\blaster\_RESTORE\ARCHIVE\FS188.CAB/A0018882.CPY/whiehlpr.dll -> Adware.WebHancer : No action taken.
C:\backup\blaster\_RESTORE\ARCHIVE\FS188.CAB/A0018882.CPY/whieshm.dll -> Adware.WebHancer : No action taken.
C:\backup\blaster\_RESTORE\ARCHIVE\FS189.CAB/W0095024.CPY -> Adware.WebHancer : No action taken.
C:\backup\blaster\_RESTORE\ARCHIVE\FS189.CAB/W0095034.CPY -> Adware.WebHancer : No action taken.
C:\backup\blaster\_RESTORE\ARCHIVE\FS202.CAB/A0021489.CPY -> Dialer.BTV : No action taken.
C:\backup\Documents and Settings\rissman\Local Settings\Temp\remove.exe -> Downloader.Keenval.f : No action taken.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : No action taken.
:mozilla.117:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.118:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.139:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.140:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.141:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.142:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.143:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.144:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.145:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.146:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.147:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.148:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.149:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.150:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.151:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.152:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.153:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.154:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.155:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.156:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.157:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.158:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.159:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.160:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.161:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.162:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.163:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.164:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.165:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.166:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.167:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.494:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.525:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.756:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.799:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.851:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@download.abetterinternet[1].txt -> TrackingCookie.Abetterinternet : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@ad-logics[2].txt -> TrackingCookie.Ad-logics : No action taken.
:mozilla.265:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.266:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.267:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.417:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.418:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.419:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.420:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.421:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@adtech[1].txt -> TrackingCookie.Adtech : No action taken.
:mozilla.685:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.686:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.687:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.688:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.689:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.708:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.434:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.435:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.436:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.95:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@rccl.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@centrport[1].txt -> TrackingCookie.Centrport : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@centrport[1].txt -> TrackingCookie.Centrport : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@commission-junction[1].txt -> TrackingCookie.Commission-junction : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@bilbo.counted[2].txt -> TrackingCookie.Counted : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@dealtime[2].txt -> TrackingCookie.Dealtime : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@stat.dealtime[1].txt -> TrackingCookie.Dealtime : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@dealtime[2].txt -> TrackingCookie.Dealtime : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@stat.dealtime[2].txt -> TrackingCookie.Dealtime : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@www2.enigmasoftwaregroup[1].txt -> TrackingCookie.Enigmasoftwaregroup : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@euniverseads[1].txt -> TrackingCookie.Euniverseads : No action taken.
:mozilla.315:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.316:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.317:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.318:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.319:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@a.as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@as1.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@c.as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@fortunecity[1].txt -> TrackingCookie.Fortunecity : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@gator[2].txt -> TrackingCookie.Gator : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@webpdp.gator[2].txt -> TrackingCookie.Gator : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@ehg-aol.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@ehg-qualcomm.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@ehg-sonyelec.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@ehg-space.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@phg.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@hotlog[1].txt -> TrackingCookie.Hotlog : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@hotlog[2].txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.431:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.433:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.566:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Information : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@search.msn[1].txt -> TrackingCookie.Msn : No action taken.
:mozilla.29:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Netflame : No action taken.
:mozilla.650:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.652:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.653:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@paycounter[2].txt -> TrackingCookie.Paycounter : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@www1.paypopup[1].txt -> TrackingCookie.Paypopup : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@www4.paypopup[2].txt -> TrackingCookie.Paypopup : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@www6.paypopup[2].txt -> TrackingCookie.Paypopup : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@www1.paypopup[1].txt -> TrackingCookie.Paypopup : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@www10.paypopup[1].txt -> TrackingCookie.Paypopup : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@www2.paypopup[1].txt -> TrackingCookie.Paypopup : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@www5.paypopup[1].txt -> TrackingCookie.Paypopup : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@www6.paypopup[2].txt -> TrackingCookie.Paypopup : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@www7.paypopup[1].txt -> TrackingCookie.Paypopup : No action taken.
:mozilla.222:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.223:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.224:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.225:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.226:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.227:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.228:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.229:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.230:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.231:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@www.popuptraffic[1].txt -> TrackingCookie.Popuptraffic : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@pro-market[2].txt -> TrackingCookie.Pro-market : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.284:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.285:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.286:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@www.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : No action taken.
:mozilla.120:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.121:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.122:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.123:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
:mozilla.247:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.248:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.249:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.250:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.251:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.252:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.253:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.254:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.255:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.256:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.257:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.297:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.540:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.541:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\backup\Documents and Settings\rissman\Cookies\rissman@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\backup\Documents and Settings\ruven\Cookies\ruven@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.215:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.216:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.217:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.218:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.219:C:\Documents and Settings\fyfchu\Application Data\Mozilla\Firefox\Profiles\sebl0zg7.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
C:\backup\blaster\Program Files\AIM95\icbmft.ocm -> Worm.AimVen : No action taken.


::Report end

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 24 March 2008 - 11:32 PM

Hi Emmon,

No problem as long as I know you did let it clean everything it found in the end. :wacko: Yes, it would be slower. Symantec and the other protection programs you have are going to eat resources like they're going out of style, and AVG AS on top of all that won't help. You can uninstall AVG AntiSpyware if you like. While you're in there you can uninstall Viewpoint. If you use/used AIM or AOL at any point, it probably got downloaded behind your back and you didn't even know it was there. Reboot after you do these uninstalls. :thumbsup:

The following are not malware, but fixing them with HijackThis will improve your system's speed. None are necessary at startup, and may be started manually at any time. This is up to you. :blink:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] "C:\WINDOWS\system32\PDesk\PDesk.exe" /Autolaunch
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer a time or so and let me know how it's running now. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
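
Added example (not part of the original post, and not HijackThis's own code): a small Python parser for the `O4` Run-key lines listed in post #6 above. It splits each entry into value name, launched program and, for rundll32 entries, the module that actually gets loaded. The function names and the `bare` flag are assumptions of this example; the sample lines are copied from the post.

```python
import ntpath
import re

# Five of the O4 lines from post #6, copied as they appear there.
SAMPLE = r'''
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
'''

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): '
                   r'\[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Unquoted command: the program ends at the first executable extension.
UNQUOTED_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$', re.I)

def split_command(cmd):
    """Return (program, arguments) for a Run value, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED_RE.match(cmd)
    if m:
        return m.group(1), (m.group(2) or '').strip()
    program, _, rest = cmd.partition(' ')
    return program, rest.strip()

def parse_o4(log):
    """Parse HijackThis O4 registry Run lines into a list of dicts."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 registry autostart line
        program, args = split_command(m.group('cmd'))
        target = None
        if ntpath.basename(program).lower() == 'rundll32.exe' and args:
            # rundll32 syntax is <module>,<export>; the module is what runs.
            target = args.rsplit(',', 1)[0].strip().strip('"')
        entries.append({
            'hive': m.group('hive'), 'key': m.group('key'),
            'name': m.group('name'), 'program': program, 'args': args,
            'target': target,
            # No directory part: Windows resolves the name via its search path.
            'bare': ntpath.dirname(program) == '',
        })
    return entries
```

For a rundll32 entry the file worth checking is `target`, not `program`, since the DLL or `.ocm` module is the code that runs at logon.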

#7 outqast


Posted 25 March 2008 - 05:01 PM

Much much better... Thanks.

Emmon

#8 teacup61


Posted 30 March 2008 - 10:48 PM

Hello,

You're welcome. :blink:

The only thing I don't see running would be a firewall. Otherwise I think you're good to go. :thumbsup: Some good free firewalls are Kerio, or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

Take care!
tea

#9 teacup61


Posted 04 April 2008 - 08:45 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.