
Pop Ups For Startup Page


  • This topic is locked
8 replies to this topic

#1 easydoesit

easydoesit

  • Members
  • 8 posts
  • Local time:05:30 PM

Posted 26 April 2008 - 10:28 AM

These two programs keep popping up in WinPatrol to be approved for startup page.
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

I could not do a Kaspersky virus scan. I couldn't get ActiveX to install.

How can I stop these pop ups/get rid of these programs? THANKS!

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-04-26 10:21:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:26 AM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Phreego Express Web Accelerator\pacore.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Phreego Express Web Accelerator\pagui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Phreego Express Web Accelerator\pacore.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Phreego Express Web Accelerator.lnk = C:\Program Files\Phreego Express Web Accelerator\pagui.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Phreego Express Web Accelerator\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Phreego Express Web Accelerator\gui_resource.dll/328
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5862E74F-753E-4A1B-983C-C059C5CDA5C3}: NameServer = 64.136.173.4 64.136.164.76
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6553 bytes

-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-26 09:58:16 0 d-------- C:\WINDOWS\LastGood
2008-04-26 09:35:49 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue
2008-04-25 14:03:41 0 dr-h----- C:\Documents and Settings\Compaq_Owner\Recent
2008-04-24 17:22:31 96256 --a------ C:\WINDOWS\system32\drivers\sptd2237.sys
2008-04-24 17:22:31 664064 --a------ C:\WINDOWS\system32\drivers\sptd.sys


-- Find3M Report ---------------------------------------------------------------

2008-04-26 10:03:56 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SlipStream
2008-04-24 22:46:15 0 d-------- C:\Program Files\Common Files\Real
2008-04-24 22:46:15 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2008-04-24 22:46:10 0 d-------- C:\Program Files\Common Files
2008-04-23 14:48:25 0 d-------- C:\Program Files\Includes
2008-04-21 14:51:58 0 d-------- C:\Program Files\EMCO Malware Destroyer
2008-04-20 13:26:39 0 d-------- C:\Program Files\CCleaner
2008-04-14 18:02:49 938 --a----c- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 05:50 PM]
"@"="" []
"PCDrProfiler"="" []
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/14/2004 04:23 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [02/17/2005 08:11 AM]
"SlipStream"="C:\Program Files\Phreego Express Web Accelerator\pacore.exe" [03/08/2007 11:55 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [10/26/2007 11:06 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [06/21/2002 04:58 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 06:24 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Phreego Express Web Accelerator.lnk - C:\Program Files\Phreego Express Web Accelerator\pagui.exe [6/20/2007 12:28:57 PM]




-- End of Deckard's System Scanner: finished at 2008-04-26 10:21:42 ------------


 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:12:30 AM

Posted 27 April 2008 - 09:19 AM

Hi,

These two programs keep popping up in WinPatrol to be approved for startup page.
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

How can I stop these pop ups/get rid of these programs? THANKS!


Well, it's not malware related here...
I see these programs are deleted already, only the startup entries remain in the registry.

First of all.. I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then, check and fix the next entries in HijackThis:

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S


If your Winpatrol gives a message afterwards, choose to allow the changes! Otherwise it will restore them again.

Sidenote, is there any reason why you don't have an Antivirus installed?

Also, your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
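
An added example, not part of the original thread or of any tool used in it: a Python sketch of how the "programs deleted, only the startup entries remain" diagnosis can be read off the logs in post #1. It assumes that an empty `[]` after a value in the scanner's Registry Dump means no file date was found for the target (the file is gone); the function names are hypothetical.

```python
import re

# Excerpts copied from the logs in post #1 (not the full logs).
DSS_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 05:50 PM]
"@"="" []
"PCDrProfiler"="" []
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [10/26/2007 11:06 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 06:24 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
'''

HJT_LOG = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
'''

# "[HKEY_...\...\CurrentVersion\Run]" section header of the Registry Dump.
RUN_KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\.*\\CurrentVersion\\Run\]$')
# "Name"="target" [file date]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"\s+\[(?P<stamp>[^\]]*)\]$')
# HijackThis O4 registry autorun line.
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

HIVE = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def orphaned_run_entries(dump):
    """Return (hive, name, target) for Run values that name a file but show no file date.

    Assumption: the scanner leaves the brackets empty when the target is missing.
    Values with an empty target (e.g. "PCDrProfiler"="") launch nothing and are skipped.
    """
    hive, found = None, []
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            hive = HIVE.get(m.group(1)) if m else None  # ignore non-Run sections
            continue
        m = ENTRY_RE.match(line)
        if hive and m and m["target"] and not m["stamp"].strip():
            found.append((hive, m["name"], m["target"]))
    return found


def hijackthis_lines_to_fix(dump, hjt_log):
    """Return the HijackThis O4 lines whose (hive, value name) is an orphaned Run entry."""
    orphans = {(hive, name) for hive, name, _ in orphaned_run_entries(dump)}
    lines = []
    for raw in hjt_log.splitlines():
        m = O4_RE.match(raw.strip())
        if m and (m["hive"], m["name"]) in orphans:
            lines.append(raw.strip())
    return lines


if __name__ == "__main__":
    for line in hijackthis_lines_to_fix(DSS_DUMP, HJT_LOG):
        print(line)
```

Run on these excerpts, it reports the same two O4 lines that the reply above asks to be fixed.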

#3 easydoesit

easydoesit
  • Topic Starter


Posted 29 April 2008 - 01:01 PM

Did as you instructed and it worked great! Also installed Java update. What would you recommend for antivirus? Thanks so much for the help.

#4 miekiemoes


Posted 29 April 2008 - 02:08 PM

Good to hear.

Look in my signature below under Antivirus for the ones I recommend. For example, Avira is a great free Antivirus. They also have a Premium version, which is not for free, but cheap, and that one removes spyware/adware as well and has extra features.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 easydoesit


Posted 01 May 2008 - 04:20 PM

I loaded the Avira antivirus and found the following. Avira said one virus could not be deleted or repaired in D:\I386\APPS\APP11152\src\DISK1\Data1.cab

Should I have started a new post?



Avira AntiVir Personal
Report file date: Thursday, May 01, 2008 10:24

Scanning for 1246006 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: YOUR-D0F670B45A

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 16:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 15:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 15:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 15:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 17:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 20:08:58
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 4/22/2008 15:04:00
ANTIVIR3.VDF : 7.0.3.236 249344 Bytes 5/1/2008 15:05:26
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 16:58:21
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 5/1/2008 15:13:43
AESCN.DLL : 8.1.0.15 119157 Bytes 5/1/2008 15:13:09
AERDL.DLL : 8.1.0.20 418165 Bytes 5/1/2008 15:12:48
AEPACK.DLL : 8.1.1.4 364918 Bytes 5/1/2008 15:11:41
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 5/1/2008 15:10:35
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 5/1/2008 15:10:03
AEHELP.DLL : 8.1.0.14 115063 Bytes 5/1/2008 15:07:06
AEGEN.DLL : 8.1.0.18 299381 Bytes 5/1/2008 15:06:48
AEEMU.DLL : 8.1.0.5 430450 Bytes 4/7/2008 22:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 5/1/2008 15:05:56
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 00:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 17:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 20:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 00:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 15:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 00:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 21:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 19:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, May 01, 2008 10:24

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'pagui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb05.exe' - '1' Module(s) have been scanned
Scan process 'WinPatrol.exe' - '1' Module(s) have been scanned
Scan process 'pacore.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '20' files ).


Starting the file scan:

Begin scan in 'C:\' <PRESARIO>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Help\quicken.chm
[0] Archive type: CHM
--> /IDH_SETUP_TASK_New401kAccountWillApplyTo401kLoanRepayment.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The file was moved to '4882e128.qua'!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\07CJ8WJX\m2_18_09_07_1[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[NOTE] The file was moved to '4878e17a.qua'!
C:\Program Files\music_now\inetchk.exe
[DETECTION] Is the Trojan horse TR/Click.HD
[NOTE] The file was moved to '487ee4ae.qua'!
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.aeh
[NOTE] The file was moved to '487ae524.qua'!
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP58\A0005566.exe
[DETECTION] Is the Trojan horse TR/Click.HD
[NOTE] The file was moved to '484a2acc.qua'!
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP58\A0005567.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.aeh
[NOTE] The file was moved to '484a2ad5.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd2237.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <PRESARIO_RP>
D:\I386\APPS\APP11152\src\DISK1\Data1.cab
[0] Archive type: CAB (Microsoft)
--> _68A8618D88EC47FDAA993D963DCBFF6D
[1] Archive type: CHM
--> /IDH_SETUP_TASK_New401kAccountWillApplyTo401kLoanRepayment.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The file was moved to '488e2f3f.qua'!


End of the scan: Thursday, May 01, 2008 16:03
Used time: 5:39:54 min

The scan has been done completely.

5112 Scanning directories
345524 Files were scanned
5 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
345519 Files not concerned
14588 Archives were scanned
4 Warnings
7 Notes

#6 miekiemoes


Posted 01 May 2008 - 04:50 PM

Hi,

According to Avira, it has been quarantined, and as a matter of fact, you may actually ignore that detection, because it's based on heuristics and most probably a false positive.

#7 easydoesit


Posted 01 May 2008 - 05:12 PM

Thanks again for all the help!

#8 miekiemoes


Posted 01 May 2008 - 05:22 PM

You're most welcome :thumbsup:

#9 miekiemoes


Posted 03 May 2008 - 12:45 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



