I want to make sure that a virus has been completely removed and my computer is returned to complete working order. It seems fine, but the CPU jumps unexplainably high at times.
BitDefender Online Scanner - Real Time Virus Report
Scanned Files 750451
Infected Files 4
Virus Detected;
Adware.Mysearch.B
Adware.Generic.20491
Trojan.Generic.278730
Trojan.Generic.278438
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/28/2008 at 10:35 AM
Application Version : 4.1.1046
Core Rules Database Version : 3469
Trace Rules Database Version: 1460
Scan type : Complete Scan
Total Scan Time : 03:01:02
Memory items scanned : 440
Memory threats detected : 0
Registry items scanned : 5124
Registry threats detected : 0
File items scanned : 48080
File threats detected : 76
Adware.Tracking Cookie
Adware.180solutions/Search Assistant
C:\Program Files\MediaGateway
Adware.MyWay
C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP
C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT
C:\Program Files\MyWay\myBar\1.bin\Thumbs.db
C:\Program Files\MyWay\myBar\1.bin
C:\Program Files\MyWay\myBar\Cache\00022E1B
C:\Program Files\MyWay\myBar\Cache\050D86B3
C:\Program Files\MyWay\myBar\Cache\05774418
C:\Program Files\MyWay\myBar\Cache\05B8683E
C:\Program Files\MyWay\myBar\Cache\0E1CBDF0
C:\Program Files\MyWay\myBar\Cache\0E1D5BA7.bin
C:\Program Files\MyWay\myBar\Cache\0E1D6878.bin
C:\Program Files\MyWay\myBar\Cache\0E1D6E25.bin
C:\Program Files\MyWay\myBar\Cache\files.ini
C:\Program Files\MyWay\myBar\Cache
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\History
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\MyWay\myBar\Settings
C:\Program Files\MyWay\myBar
C:\Program Files\MyWay
Adware.Viewpoint Toolbar
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL
Trojan.Unclassified-Packed/Suspicious
C:\PROGRAM FILES\SQUARE SOFT, INC\FINAL FANTASY VIII\ADDON\FFADDON.DLL
C:\PROGRAM FILES\SQUARE SOFT, INC\FINAL FANTASY VIII\DATA\MUSIC\DMUSIC\FFADDON.DLL
C:\PROGRAM FILES\SQUARE SOFT, INC\FINAL FANTASY VIII\FFADDON.DLL
Trojan.Net-MSV/VPS-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP76\A0010590.DLL
Adware.Vundo-Variant/J
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP76\A0010592.DLL
C:\WINDOWS\VREGFWLX.DLL
Trojan.Unclassified/GTS
C:\WINDOWS\ATFXQOGP.DLL
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:42 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211838886312
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 8301 bytes
Is my computer clean?
Started by Brooke, May 28 2008 04:18 PM
8 replies to this topic
#1
Posted 28 May 2008 - 04:18 PM
#2
Posted 28 May 2008 - 10:20 PM
Welcome to the forum. Please run the below scan and post back the log:
Run Kaspersky WebScanner
- Please go HERE and click Kaspersky Online Scanner
- Read and Accept the Agreement
- You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- If you see a Windows dialog asking if you want to install this software, click the Install button.
- The program will launch and then begin downloading the latest definition files,
- When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
- Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
- Under "Please select a target to scan:", click My Computer to start the scan.
- When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
- Paste kaspersky log onto forum.
#3
Posted 29 May 2008 - 03:53 PM
Here you go
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 4:51:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 811615
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics:
Total number of scanned objects: 168607
Number of viruses found: 4
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 04:09:51
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\fla34.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1179633714.ssb/C:/Program Files/MyWay/myBar/1.bin/NPMYWAY.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1179633714.ssb CAB: infected - 1 skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP79\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\edwf.exe Infected: Trojan.Win32.Vapsup.fri skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JETA807.tmp Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\xmpstean.exe Infected: Trojan.Win32.Vapsup.frg skipped
Scan process completed.
#4
Posted 29 May 2008 - 06:01 PM
Download Killbox from Here
Click killbox.exe
Select the option "Delete on reboot".
Click the button: All Files (Important!)
Now it should flash green.
Next copy the contents of the code box to clipboard by left clicking and covering the text then right click inside the highlighted area and choose Copy:
C:\WINDOWS\edwf.exe
C:\WINDOWS\xmpstean.exe
After copying the above text to Clipboard click File on the killbox menu bar and choose Paste From Clipboard
Then press the Delete File button (Red Circle with a White X).
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.
Your computer should reboot now.
---------
Once your computer is back up, I would go into Add/Remove Programs and uninstall RealPlayer and its toolbar (unless you actually use them).
Post a new HijackThis log.
#5
Posted 29 May 2008 - 07:25 PM
New Hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:59 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0270.0\msneshellx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0270.0\msneshellx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211838886312
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 8303 bytes
#6
Posted 30 May 2008 - 08:20 PM
Check this with HijackThis and then press "fix checked":
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
Your computer looks OK from the logs, but you don't have an antivirus running on your system.
I would at least download AVG Free, Avast Free, or AntiVir Free (only one).
I see SUPERAntiSpyware; can you post the logs from your scans with it?
#7
Posted 31 May 2008 - 07:34 PM
No Antivirus? Huh? I have the latest version of Norton up and running.
Anyway, here's the latest SUPERAntiSpyware scan:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/31/2008 at 04:02 PM
Application Version : 4.1.1046
Core Rules Database Version : 3472
Trace Rules Database Version: 1463
Scan type : Complete Scan
Total Scan Time : 01:53:20
Memory items scanned : 414
Memory threats detected : 0
Registry items scanned : 5397
Registry threats detected : 0
File items scanned : 49599
File threats detected : 33
Adware.Tracking Cookie
Adware.Viewpoint Toolbar
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP77\A0011845.DLL
And another HijackThis for good measure:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:19 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0270.0\msneshellx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0270.0\msneshellx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211838886312
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 8410 bytes
Anyway here's the latest SuperAntiSpyware Scan
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/31/2008 at 04:02 PM
Application Version : 4.1.1046
Core Rules Database Version : 3472
Trace Rules Database Version: 1463
Scan type : Complete Scan
Total Scan Time : 01:53:20
Memory items scanned : 414
Memory threats detected : 0
Registry items scanned : 5397
Registry threats detected : 0
File items scanned : 49599
File threats detected : 33
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@windowsmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@server.cpmstar[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt
C:\Documents and Settings\Owner\Cookies\owner@kontera[1].txt
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.webwosting[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.streetfire[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner\Cookies\owner@clicksor[2].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt
C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@insightexpressai[2].txt
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adbrite[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.widgetbucks[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.divx.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.stats.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vabbo7jv.default\cookies.txt ]
Adware.Viewpoint Toolbar
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP77\A0011845.DLL
And another HijackThis for good measure
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:19 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0270.0\msneshellx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0270.0\msneshellx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211838886312
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 8410 bytes
#8
Posted 31 May 2008 - 10:32 PM
Do you have Norton's real-time shield disabled then? Maybe they changed the process names, but I'm pretty sure the ones showing aren't the firewall or antivirus's real-time shield (I just figured they were leftovers from a bad uninstall).
Latest logs look ok if things are back to normal.
#9
Posted 31 May 2008 - 10:39 PM
Thanks for the help.
Yes, the firewall is active, and it looks like everything else is enabled as well.

