
Removing Files That Add Remove Tool Can't


11 replies to this topic

#1 Robert S.

Posted 19 March 2006 - 01:01 AM

I uninstalled a game called Kal Online a while back and now I want to install it again. But since they changed some things, it seems like it's running 2 programs in 1 program, know what I mean? "Kal Online" is the old program and "Kal OnlineEng" is the new one. They're both trying to run at the same time, which is my dilemma. I want to remove the older Kal files but I can't find them anywhere and I don't know the names of them either. I need help desperately, please. I need to find out how to learn these files' names because the Add/Remove tool doesn't tell me the names of the files and it won't remove them because an error always pops up. So I'm open to suggestions and any help.



#2 John L


Posted 19 March 2006 - 01:07 AM

Hiya robert :thumbsup:

Let's run this tool and see if it helps.

Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Directory"
    • Enter the drive, e.g. C:\
  • In the box labeled "File"
    • Enter the file or use *.(file extension) to search for the file(s)
  • Now click on the "Search" button
  • Once the utility has found the files click on "Export"
  • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
  • NOTE: The notepad is saved on your C:\ drive as "Export.txt"

Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.


#3 John L


Posted 19 March 2006 - 01:14 AM

Robert is being helped in chat if this looks odd. :thumbsup:

Ok robert this is what we need to do next.

Download this application.

Hijack This

*Important* : HijackThis! needs to be installed in its own folder, as it creates backups that you may need later (create a folder in "My Documents", for example...). This tool can be dangerous when handled improperly, so, PLEASE DON'T FIX ANYTHING WITH IT YET !! and wait for instructions. Run HijackThis!, then click on "Do a system scan and save a logfile". Save the log, then copy/paste it here so we can have a look.

#4 Robert S.


Posted 19 March 2006 - 01:17 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:18:13 AM, on 3/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\AltPayments\AltPayments.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ItBill\itbill.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\windows\system32\qmdsregj.exe
C:\WINDOWS\SYSTEM32\pkdevnag.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\DOCUME~1\Alex\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

#5 John L


Posted 19 March 2006 - 01:20 AM

Ok robert I'm going to need to see the entire log from top to bottom please. :thumbsup:

#6 Robert S.


Posted 19 March 2006 - 01:22 AM

that is the entire log dude...

#7 Robert S.


Posted 19 March 2006 - 01:25 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:26:04 AM, on 3/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\AltPayments\AltPayments.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ItBill\itbill.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\windows\system32\qmdsregj.exe
C:\WINDOWS\SYSTEM32\pkdevnag.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\DOCUME~1\Alex\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\ItBill\itbill.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{40-0B-BF-F9-ZN}] C:\windows\system32\qmdsregj.exe DO0605
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\pkdevnag.exe DO0605
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\pkdevnag.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - blank
O8 - Extra context menu item: &Translate English Word - blank
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - blank
O8 - Extra context menu item: Backward Links - blank
O8 - Extra context menu item: Cac&hed Snapshot of Page - blank
O8 - Extra context menu item: Cached Snapshot of Page - blank
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - blank
O8 - Extra context menu item: Similar Pages - blank
O8 - Extra context menu item: Translate into English - blank
O8 - Extra context menu item: Translate Page into English - blank
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - blank (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

#8 John L


Posted 19 March 2006 - 01:33 AM

Ok robert via chat let's see what we can do for you.

Firstly I want to move HijackThis into a safer location.

Double-click on the zip file containing the HijackThis.exe file. Select the HijackThis.exe, and hit the combination “Ctrl + C”.
Minimize the zip folder, and go to My Computer. Double-click on C:/, then double-click on Program Files.

In the menu bar you’ll find “File”. Click it, then choose “New”, and then “Folder”.

Call this folder HijackThis. Double-click to open this - new - folder.
Now use the combination “Ctrl + V” to paste the HijackThis.exe into this folder. Now close all other windows, and double-click on the HijackThis.exe in the folder you’ve just created.

Once this is completed this stuff comes next.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Then an online scan.

Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.
When these are complete, show me the logs they generate and a new hijack log as well please. :thumbsup:

#9 Robert S.


Posted 19 March 2006 - 02:51 AM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:52:10 AM, 3/19/2006
+ Report-Checksum: 5D367E6C

+ Scan result:

HKU\S-1-5-21-3925601036-377347792-3079259715-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
[464] C:\Program Files\AltPayments\AltPayments.exe -> Adware.WeirWeb : Cleaned with backup
[892] C:\Program Files\ItBill\itbill.exe -> Backdoor.Agent.so : Cleaned with backup
[1208] C:\windows\system32\qmdsregj.exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@c7.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@cbs.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Allison\Cookies\allison@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@cz11.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@e-2dj6wfmycpczkfp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@news.com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@premiumnetworkrocks.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@vip2.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@vitacost.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Brian.DG6RRN31\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@ads.x10[1].txt -> TrackingCookie.X10 : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@dssatlascreditgroup.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@esads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@grouplotto.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@lovefreegames.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@paidmarketingpanel.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@prizeamerica.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@reciperewards.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@snagajob.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\PandLover17\Cookies\pandlover17@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\PandLover17\Local Settings\Temporary Internet Files\Content.IE5\01MNC5MJ\update[1] -> Backdoor.Agent.so : Cleaned with backup
C:\Program Files\AltPayments\AltPayments.exe -> Adware.WeirWeb : Cleaned with backup
C:\Program Files\InixSoft\Project Shinru\Head\Documents and Settings.txt.exe -> Trojan.Agent.aj : Cleaned with backup
C:\Program Files\ItBill\itbill.exe -> Backdoor.Agent.so : Cleaned with backup
C:\Program Files\MediaPipe\AltPayments.exe -> Adware.WeirWeb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP326\A0273777.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP327\A0273913.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP327\A0273918.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP327\A0273921.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP333\A0274192.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0275902.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP345\A0277096.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP352\A0281581.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP355\A0282484.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP355\A0282833.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP356\A0282881.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP356\A0282974.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP357\A0283072.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\A0284337.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP366\A0287362.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0292975.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0292985.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP371\A0293145.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP371\A0293146.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0294290.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0297573.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP388\A0301464.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP390\A0302272.exe -> Backdoor.Agent.so : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP392\A0303755.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP394\A0304967.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0306068.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP398\A0306233.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP399\A0306277.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306279.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306280.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306281.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306283.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306284.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306285.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306286.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306287.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306288.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306289.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306290.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP400\A0306310.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP408\A0306560.exe -> Backdoor.Agent.so : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP415\A0307283.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP452\A0318444.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP455\A0319682.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP455\A0319704.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\kodevlap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\lqdevrap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\mndevnap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\mqdevoaw.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\mqdevoaz.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\mrdevpap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\npdevqap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\omdevrap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\qmdsregj.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\qsdsregl.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\qsdsregq.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\rkdsregn.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\rmdsregm.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\rndsregp.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\rodsregq.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\rpdsrego.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\rqdsregl.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\rqdsregp.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\rqdsregq.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\spdevsap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\trdevrap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\ysysws6d.exe -> Adware.ZenoSearch : Cleaned with backup


::Report End

#10 Robert S.

Posted 19 March 2006 - 04:39 AM

PANDA


Incident Status Location

Adware:adware/zenosearch Not disinfected C:\Documents and Settings\Alex\Start Menu\Programs\Startup\Zeno.lnk
Adware:adware/azesearch Not disinfected C:\WINDOWS\SYSTEM32\azebar.xml
Adware:adware/wupd Not disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:adware/ilookup Not disinfected C:\WINDOWS\SYSTEM32\xbox31.ico
Adware:adware/zenosearch Not disinfected C:\Documents and Settings\Alex\Start Menu\Programs\Startup\Zeno.lnk
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Adware:adware/secure32 Not disinfected C:\WINDOWS\secure32.html
Spyware:spyware/media-motor Not disinfected C:\WINDOWS\ubber60.ini
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\uniq
Adware:adware/savenow Not disinfected Windows Registry
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Alex\Cookies\alex@perf.overture[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Allison\Cookies\allison@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Allison\Cookies\allison@adrevolver[3].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Allison\Cookies\allison@apmebf[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Allison\Cookies\allison@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Allison\Cookies\allison@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allison\Cookies\allison@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allison\Cookies\allison@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Allison\Cookies\allison@go[1].txt
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Allison\Cookies\allison@lb3.netster[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Allison\Cookies\allison@rn11[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Allison\Cookies\allison@target[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Brian\Cookies\brian@adultfriendfinder[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Brian\Cookies\brian@ccbill[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Brian\Cookies\brian@cgi-bin[1].txt
Spyware:Cookie/Hypercount Not disinfected C:\Documents and Settings\Brian\Cookies\brian@hypercount[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@adultfriendfinder[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@anm.co[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@belnk[2].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@c.fsx[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@c3.gostats[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@ccbill[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@cgi-bin[5].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@dist.belnk[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@gostats[2].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@outster[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@rn11[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@tickle[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@toplist[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Brian.DG6RRN31\Cookies\brian@winfixer[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@adrevolver[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@apmebf[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@belnk[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@ct.360i[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@dist.belnk[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@i.screensavers[1].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@mysearch[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@offeroptimizer[2].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@qsrch[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@searchportal.information[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@target[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@tickle[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\PandLover17\Cookies\pandlover17@www48.seeq[1].txt
Spyware:Spyware/Overpro Not disinfected C:\Program Files\MediaPipe\insdl.dll
Spyware:Spyware/Overpro Not disinfected C:\Program Files\MediaPipe\register.dll
Virus:Trj/Agent.gen Not disinfected C:\WINDOWS\SYSTEM32\sysnet.0xe
Adware:Adware/Zeno Not disinfected C:\WINDOWS\SYSTEM32\__delete_on_reboot__qmdsregj.exe

#11 Robert S.

Posted 19 March 2006 - 04:40 AM

Logfile of HijackThis v1.99.1
Scan saved at 3:41:55 AM, on 3/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\SYSTEM32\pkdevnag.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\pkdevnag.exe DO0605
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\pkdevnag.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - blank
O8 - Extra context menu item: &Translate English Word - blank
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - blank
O8 - Extra context menu item: Backward Links - blank
O8 - Extra context menu item: Cac&hed Snapshot of Page - blank
O8 - Extra context menu item: Cached Snapshot of Page - blank
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - blank
O8 - Extra context menu item: Similar Pages - blank
O8 - Extra context menu item: Translate into English - blank
O8 - Extra context menu item: Translate Page into English - blank
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - blank (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

#12 John L

Posted 19 March 2006 - 06:15 PM

Hi Robert :thumbsup:

Please move HijackThis into a safer location as I have asked; you're still running it out of a temp directory.


Double-click on the zip file containing the HijackThis.exe file. Select the HijackThis.exe, and hit the combination “Ctrl + C”.
Minimize the zip folder, and go to My Computer. Double-click on C:/, then double-click on Program Files.

In the menu bar you’ll find “File”. Click it, then choose “New”, and then “Folder”.

Call this folder HijackThis. Double-click to open this - new - folder.
Now use the combination “Ctrl + V” to paste the HijackThis.exe into this folder. Now close all other windows, and double-click on the HijackThis.exe in the folder you’ve just created.

When this is completed show me a new hijack log please. :flowers:
Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.
