Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

CiD Help Needed!

Post by jayyarr77 » September 27th, 2008, 8:47 am

I constantly get the CiD ads that pop up on my screen. They pop up in Internet Explorer even though I never use IE and only use Firefox. The ads dramatically slow down my computer and sometimes cause my computer to freeze. Ad-Aware does not remove them, Symantec does not remove them. Please help me get rid of CiD!

Here is my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:37 AM, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Store file readme bash] C:\Documents and Settings\All Users\Application Data\city about store file\mp3 blue.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6736 bytes
jayyarr77
Active Member
 
Posts: 9
Joined: September 27th, 2008, 8:31 am

Re: CiD Help Needed!

Post by chryssi2001 » September 27th, 2008, 12:57 pm

Hello jayyarr77,

I will be assisting you with your malware issues.

  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please let me know. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it for reference.
----------------------------------------------
Lop S&D-Option 1

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
You will need to disable the following programs:

Symantec
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: CiD Help Needed!

Post by jayyarr77 » September 27th, 2008, 5:27 pm

Hey chryssi2001,

Thank you for taking my case. I followed your directions and ran the Lop S&D program. I forgot to mention that in addition to CiD ads which consist of random products, I also receive pop-ups from Adult Friend Finder and programs that claim to be antivirus applications. I'm not sure if they are included in the CiD realm or not, but I wanted to mention them as well just so you have the whole story. Here's my Lop S&D logfile:


--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 Mobile CPU 1.70GHz )
BIOS : Rev 1.0 XXX
USER : Shelton Jones ( Administrator )
BOOT : Normal boot
Antivirus : Symantec AntiVirus Corporate Edition 10.1.6.6000 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 27 Go Free : 5 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( Sat 09/27/2008|16:19 )

--------------------\\ Listing folders in APPLIC~1

[01/11/2004|04:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[01/11/2004|04:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[01/11/2004|04:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> InterTrust
[01/09/2005|03:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[01/10/2004|11:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[01/11/2004|04:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Symantec

[08/04/2008|06:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[12/17/2006|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[06/23/2007|07:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/17/2006|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/31/2007|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/24/2006|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[10/06/2007|01:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> city about store file
[12/15/2006|03:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[07/29/2008|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[04/11/2008|03:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[08/12/2004|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
[08/25/2006|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[03/17/2004|02:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[09/06/2005|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[10/07/2007|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[08/21/2008|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[05/16/2006|07:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[09/05/2007|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!


[01/10/2004|11:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[07/28/2008|10:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[01/10/2004|11:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[11/30/2005|07:07] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> acccore
[03/05/2008|05:50] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Adobe
[01/16/2006|08:42] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Aim
[08/16/2006|12:12] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Apple Computer
[09/26/2008|07:32] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Azureus
[11/27/2006|02:39] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Google
[09/20/2006|05:53] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Help
[01/11/2004|11:46] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Identities
[04/11/2008|03:23] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Lavasoft
[03/28/2007|08:54] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> LinkedIn
[01/16/2004|03:00] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Macromedia
[09/25/2008|10:54] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> MathWorks
[12/15/2006|03:02] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Microsoft
[07/29/2008|07:16] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Mozilla
[12/17/2004|04:59] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> MSN6
[08/14/2006|11:10] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> OLYMPUS
[02/01/2004|04:57] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Real
[10/26/2004|12:00] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Sun
[01/27/2004|03:07] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Symantec
[02/21/2004|06:03] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Syntrillium
[11/05/2007|11:04] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Talkback
[01/12/2006|09:48] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Unwiredtec
[08/21/2008|11:43] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Viewpoint

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/22/2008 11:18 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/26/2008 08:00 PM][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[09/25/2008 06:20 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/03/2002 09:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/13/2007|03:20] C:\Program Files\<DIR> AC3Filter
[08/04/2008|06:41] C:\Program Files\<DIR> Adobe
[01/02/2007|01:25] C:\Program Files\<DIR> AIM
[06/23/2007|07:13] C:\Program Files\<DIR> AIM6
[11/30/2005|06:53] C:\Program Files\<DIR> AOD
[07/31/2007|12:07] C:\Program Files\<DIR> Apple Software Update
[08/23/2004|05:12] C:\Program Files\<DIR> AWS
[11/29/2007|01:08] C:\Program Files\<DIR> Azureus
[09/03/2008|11:39] C:\Program Files\<DIR> BitComet
[08/04/2008|06:38] C:\Program Files\<DIR> Common Files
[12/08/2004|09:18] C:\Program Files\<DIR> ComPlus Applications
[02/21/2004|05:58] C:\Program Files\<DIR> CoolEdit
[03/24/2004|02:13] C:\Program Files\<DIR> coolpro2
[07/29/2008|11:03] C:\Program Files\<DIR> DivX
[12/13/2004|10:11] C:\Program Files\<DIR> eBook Software
[01/12/2004|01:55] C:\Program Files\<DIR> EPSON
[10/06/2007|01:51] C:\Program Files\<DIR> erroradminfour
[12/01/2005|02:58] C:\Program Files\<DIR> ESPNMotion
[07/29/2008|06:48] C:\Program Files\<DIR> FLV Player
[09/22/2006|10:50] C:\Program Files\<DIR> Free CD-DA Extractor 4.8
[10/30/2004|08:39] C:\Program Files\<DIR> FruityLoops 3.4
[01/30/2004|03:44] C:\Program Files\<DIR> Gateway
[12/15/2006|05:44] C:\Program Files\<DIR> Google
[01/18/2004|12:37] C:\Program Files\<DIR> Half-Life
[08/14/2006|11:05] C:\Program Files\<DIR> InstallShield Installation Information
[01/11/2004|04:23] C:\Program Files\<DIR> Intel
[01/11/2004|11:10] C:\Program Files\<DIR> InterActual
[08/15/2008|11:44] C:\Program Files\<DIR> Internet Explorer
[11/24/2006|11:50] C:\Program Files\<DIR> iPod
[11/24/2006|11:50] C:\Program Files\<DIR> iTunes
[08/26/2007|06:21] C:\Program Files\<DIR> Java
[09/06/2005|01:24] C:\Program Files\<DIR> Kazaa
[07/29/2008|10:37] C:\Program Files\<DIR> Lavasoft
[11/15/2004|01:49] C:\Program Files\<DIR> LimeWire
[01/12/2004|12:11] C:\Program Files\<DIR> Maple 7
[09/25/2008|08:01] C:\Program Files\<DIR> MATLAB
[08/15/2008|11:56] C:\Program Files\<DIR> Messenger
[01/11/2004|03:47] C:\Program Files\<DIR> Microsoft ActiveSync
[05/09/2007|02:09] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[01/10/2004|11:39] C:\Program Files\<DIR> microsoft frontpage
[02/25/2004|01:23] C:\Program Files\<DIR> Microsoft Office
[01/12/2006|09:46] C:\Program Files\<DIR> Midi Converter
[12/08/2006|05:10] C:\Program Files\<DIR> Movie Maker
[09/27/2008|08:45] C:\Program Files\<DIR> Mozilla Firefox
[01/10/2004|11:33] C:\Program Files\<DIR> MSN
[01/10/2004|11:33] C:\Program Files\<DIR> MSN Gaming Zone
[12/09/2004|10:11] C:\Program Files\<DIR> MsnMusic
[10/14/2006|04:37] C:\Program Files\<DIR> MSXML 4.0
[12/08/2006|05:10] C:\Program Files\<DIR> NetMeeting
[08/14/2006|11:02] C:\Program Files\<DIR> OLYMPUS
[03/10/2008|07:08] C:\Program Files\<DIR> Online Services
[09/13/2006|01:45] C:\Program Files\<DIR> OrCAD_Demo
[07/01/2007|03:26] C:\Program Files\<DIR> Outlook Express
[09/03/2008|11:40] C:\Program Files\<DIR> Palm
[08/14/2006|11:00] C:\Program Files\<DIR> PIXELA
[10/27/2007|01:29] C:\Program Files\<DIR> QuickTime
[01/11/2004|04:46] C:\Program Files\<DIR> Real
[11/20/2005|04:04] C:\Program Files\<DIR> REI Wise
[01/12/2006|09:51] C:\Program Files\<DIR> Ringtone Creator
[01/19/2004|01:46] C:\Program Files\<DIR> Roxio
[09/27/2008|06:51] C:\Program Files\<DIR> RSSoft
[01/05/2005|10:33] C:\Program Files\<DIR> SIFXINST
[01/13/2004|10:54] C:\Program Files\<DIR> SONICblue
[09/06/2005|02:20] C:\Program Files\<DIR> Spybot - Search & Destroy
[01/19/2006|11:02] C:\Program Files\<DIR> StarNet
[01/18/2004|12:04] C:\Program Files\<DIR> Steam
[10/07/2007|10:53] C:\Program Files\<DIR> Symantec
[09/27/2008|04:14] C:\Program Files\<DIR> Symantec AntiVirus
[01/11/2004|04:47] C:\Program Files\<DIR> Synaptics
[09/27/2008|08:12] C:\Program Files\<DIR> Trend Micro
[01/19/2004|01:00] C:\Program Files\<DIR> Uninstall Information
[08/21/2008|11:43] C:\Program Files\<DIR> Viewpoint
[02/12/2005|04:24] C:\Program Files\<DIR> WareOut
[11/16/2005|04:19] C:\Program Files\<DIR> Winamp
[12/01/2005|02:59] C:\Program Files\<DIR> Windows Media Bonus Pack for Windows XP
[02/19/2008|12:15] C:\Program Files\<DIR> Windows Media Connect 2
[11/02/2007|12:03] C:\Program Files\<DIR> Windows Media Player
[12/08/2006|05:10] C:\Program Files\<DIR> Windows NT
[05/03/2004|03:59] C:\Program Files\<DIR> Windows XP Fun Pack
[10/10/2006|08:23] C:\Program Files\<DIR> WindowsUpdate
[10/31/2007|09:19] C:\Program Files\<DIR> WinRAR
[01/11/2006|12:00] C:\Program Files\<DIR> WinZip
[01/10/2004|11:39] C:\Program Files\<DIR> xerox
[02/04/2004|10:33] C:\Program Files\<DIR> Xinox Software
[01/31/2008|07:35] C:\Program Files\<DIR> XoftSpySE
[09/06/2005|01:23] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/19/2004|01:47] C:\Program Files\Common Files\<DIR> Adaptec Shared
[08/04/2008|05:59] C:\Program Files\Common Files\<DIR> Adobe
[08/04/2008|06:38] C:\Program Files\Common Files\<DIR> Adobe AIR
[12/19/2006|01:41] C:\Program Files\Common Files\<DIR> AOL
[01/11/2004|03:47] C:\Program Files\Common Files\<DIR> Designer
[01/11/2004|10:49] C:\Program Files\Common Files\<DIR> FotoNation
[10/04/2005|11:16] C:\Program Files\Common Files\<DIR> InstallShield
[09/06/2005|02:16] C:\Program Files\Common Files\<DIR> Java
[01/11/2004|04:37] C:\Program Files\Common Files\<DIR> Lanovation
[09/25/2008|07:55] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/10/2004|11:35] C:\Program Files\Common Files\<DIR> MSSoap
[11/30/2005|06:53] C:\Program Files\Common Files\<DIR> Nullsoft
[01/10/2004|05:26] C:\Program Files\Common Files\<DIR> ODBC
[10/06/2004|02:16] C:\Program Files\Common Files\<DIR> Real
[01/20/2006|06:56] C:\Program Files\Common Files\<DIR> Services
[01/10/2004|05:26] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/07/2007|10:57] C:\Program Files\Common Files\<DIR> Symantec Shared
[07/01/2007|03:26] C:\Program Files\Common Files\<DIR> System
[07/29/2008|10:33] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[10/06/2004|02:17] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 45 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\city about store file
C:\DOCUME~1\ALLUSE~1\APPLIC~1\city about store file\mp3 blue.exe
C:\DOCUME~1\SHELTO~1\LOCALS~1\Temp\nsc3.tmp
C:\DOCUME~1\SHELTO~1\LOCALS~1\Temp\nsf2.tmp
C:\DOCUME~1\SHELTO~1\LOCALS~1\Temp\nsk2.tmp
C:\DOCUME~1\SHELTO~1\LOCALS~1\Temp\nsk3.tmp
C:\DOCUME~1\SHELTO~1\LOCALS~1\Temp\nsp2.tmp
C:\DOCUME~1\SHELTO~1\LOCALS~1\Temp\nsq2.tmp
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@aalbc.advertserve[1].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@monstersandcritics.advertserve[1].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton_jones@messagespace.advertserve[1].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@www.adserver5[2].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adultfriendfinder[1].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adultfriendfinder[2].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adultfriendfinder[3].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adin.bigpoint[2].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@bigpoint[1].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@us1.darkorbit.bigpoint[1].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adopt.euroclick[1].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adopt.euroclick[2].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adopt.euroclick[3].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adopt.euroclick[4].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@seafight[1].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@us1.seafight[2].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton_jones@vegashotspots[2].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton_jones@vegasvacationstore[1].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton_jones@www.vegashotspots[1].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton_jones@www.vegasvacationstore[2].txt
C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@www.lop[2].txt

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Store file readme bash"="C:\\Documents and Settings\\All Users\\Application Data\\city about store file\\mp3 blue.exe"

--------------------\\ Checking the Hosts file

Hosts file MODIFIED

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 72 [ 70 ## added by CiD ]

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 16:40:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\Program Files\Wareout
==> WAREOUT <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\SHELTO~1\Application Data\Azureus\torrents\Matlab_2007b_Full_Release_(no_keygen).rar.3814862.TPB.torrent
C:\DOCUME~1\SHELTO~1\Local Settings\Temp\Matlab_2007b_Full_Release_(no_keygen).rar.3814862.TPB.torrent
C:\DOCUME~1\SHELTO~1\My Documents\Shelton's Music\Dapper Downloads\Kanye, Common, & Lupe\08-kanye_west-crack_music_(feat_the_game).mp3
C:\DOCUME~1\SHELTO~1\My Documents\Shelton's Music\Dapper Downloads\Mixtape Madness\03-lil_wayne_ft_juelz_santana_and_young_jeezy-make_it_work_for_ya_(how_to_make_that_crack)-RapHustle.Com.mp3
C:\DOCUME~1\SHELTO~1\My Documents\Shelton's Music\Kanye West - Late Registration\08-kanye_west-crack_music_(feat_the_game).mp3
C:\DOCUME~1\SHELTO~1\Recent\Matlab 2007b Full Release (no keygen).lnk
C:\DOCUME~1\SHELTO~1\Recent\Matlab 2007b Full Release (no keygen).rar.lnk


[F:740][D:68]-> C:\DOCUME~1\SHELTO~1\LOCALS~1\Temp
[F:3195][D:0]-> C:\DOCUME~1\SHELTO~1\Cookies
[F:4355][D:104]-> C:\DOCUME~1\SHELTO~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 09/27/2008|17:10 - Option : [1]

--------------------\\ Scan completed at 17:10:38
jayyarr77
Active Member
 
Posts: 9
Joined: September 27th, 2008, 8:31 am
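As an added example (not part of the thread, HijackThis or Lop S&D), the triage the helper does by eye on the two logs above can be scripted: pull the O4 Run entries out of a HijackThis log, flag the one that launches from an Application Data folder whose name, like its Run value name, is a run of random words (the Lop/CiD pattern seen here), and count the hosts-file lines tagged "## added by CiD" the way Lop S&D's summary line does. The sample lines are constructed abbreviations of the posted logs.

```python
"""Triage helpers for HijackThis O4 lines and a Lop S&D hosts-file section.
Added example; the heuristics are illustrative, not HijackThis or Lop S&D code."""
import re
from typing import Dict, List, Tuple

# Constructed samples, abbreviated from the logs posted in the thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Store file readme bash] C:\Documents and Settings\All Users\Application Data\city about store file\mp3 blue.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
"""

HOSTS_SAMPLE = """\
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
"""

# HijackThis format: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
# hosts format: "<ip> <hostname> [## <comment>]"
HOSTS_RE = re.compile(r"^\s*(\S+)\s+(\S+)(?:\s+##\s*(.*))?\s*$")


def _target_of(command: str) -> str:
    """Strip quotes and trailing arguments from a Run command line.  Lop wrote
    its path unquoted with embedded spaces, so an unquoted command is cut after
    the first '.exe' rather than at the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.search(r"\.exe\b", command, re.IGNORECASE)
    return command[: m.end()] if m else command


def parse_run_entries(log: str) -> List[Dict[str, str]]:
    """Return every O4 Run entry as {hive, name, target}."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, name, command = m.groups()
            entries.append({"hive": hive, "name": name, "target": _target_of(command)})
    return entries


def _is_word_salad(text: str, min_words: int = 3) -> bool:
    """Lop/CiD used value and folder names made of several plain words
    ('Store file readme bash', 'city about store file')."""
    words = text.split()
    return len(words) >= min_words and all(w.isalpha() for w in words)


def is_lop_style(entry: Dict[str, str]) -> bool:
    """Triage hint (not a verdict): a Run entry launching from an Application
    Data folder where both the value name and the folder name are word salad."""
    target = entry["target"]
    lowered = target.lower()
    in_app_data = "\\application data\\" in lowered or "\\applic~1\\" in lowered
    parts = target.split("\\")
    folder = parts[-2] if len(parts) >= 2 else ""
    return in_app_data and _is_word_salad(entry["name"]) and _is_word_salad(folder)


def summarize_hosts(hosts: str) -> Tuple[int, List[str], str]:
    """Count hosts entries and those tagged '## added by CiD'; render the
    summary in the form Lop S&D prints, e.g. '-> 72 [ 70 ## added by CiD ]'.
    The tag itself is the indicator: a clean hosts file carries no such comments."""
    total = 0
    tagged: List[str] = []
    for line in hosts.splitlines():
        m = HOSTS_RE.match(line)
        if not m or line.lstrip().startswith("#"):
            continue
        total += 1
        _ip, host, comment = m.groups()
        if comment and comment.strip().lower() == "added by cid":
            tagged.append(host)
    summary = f"-> {total} [ {len(tagged)} ## added by CiD ]"
    return total, tagged, summary


if __name__ == "__main__":
    for e in parse_run_entries(HJT_SAMPLE):
        mark = "SUSPECT" if is_lop_style(e) else "ok"
        print(f"{mark:7} {e['hive']} [{e['name']}] -> {e['target']}")
    print(summarize_hosts(HOSTS_SAMPLE)[2])
```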

Re: CiD Help Needed!

Post by chryssi2001 » September 28th, 2008, 3:31 am

Hello jayyarr77,

REMOVE P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus
BitComet
Kazaa
LimeWire


Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.
----------------------------------------------
REMOVE VIEWPOINT

You have Viewpoint, Viewpoint Manager and Viewpoint Media Player installed on your system. These programs are not malware but are considered foistware, since they are installed without the user's approval, and for this reason I recommend you remove them.

To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.
----------------------------------------------
Do you know what this program is for:
erroradminfour

I can't find any information about it. It has been on your PC since this date: 10/06/2007

If you have no clue, please remove it using Add/Remove programs.
----------------------------------------------
In addition to that, using Add/Remove Programs, uninstall:

WareOut
----------------------------------------------
I see many cracks on your pc. They are illegal!

Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code: Select all
:Files
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
C:\DOCUME~1\SHELTO~1\APPLIC~1\Azureus
C:\DOCUME~1\SHELTO~1\APPLIC~1\Viewpoint
C:\Program Files\Azureus
C:\Program Files\BitComet
C:\Program Files\erroradminfour
C:\Program Files\Kazaa
C:\Program Files\LimeWire
C:\Program Files\Viewpoint
C:\Program Files\WareOut
C:\DOCUME~1\SHELTO~1\Application Data\Azureus
C:\DOCUME~1\SHELTO~1\Local Settings\Temp\Matlab_2007b_Full_Release_(no_keygen).rar.3814862.TPB.torrent
C:\DOCUME~1\SHELTO~1\Recent\Matlab 2007b Full Release (no keygen).lnk
C:\DOCUME~1\SHELTO~1\Recent\Matlab 2007b Full Release (no keygen).rar.lnk
C:\DOCUME~1\SHELTO~1\My Documents\Shelton's Music\Dapper Downloads\Kanye, Common, & Lupe\08-kanye_west-crack_music_(feat_the_game).mp3
C:\DOCUME~1\SHELTO~1\My Documents\Shelton's Music\Dapper Downloads\Mixtape Madness\03-lil_wayne_ft_juelz_santana_and_young_jeezy-make_it_work_for_ya_(how_to_make_that_crack)
C:\DOCUME~1\SHELTO~1\My Documents\Shelton's Music\Kanye West - Late Registration\08-kanye_west-crack_music_(feat_the_game).mp3

:Commands
[EmptyTemp]
[Reboot]

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

Your PC will reboot now.
----------------------------------------------
Lop S&D-Option 2

Double click LopSD.exe to start the program.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
  • Don't close the window during suppression!
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: CiD Help Needed!

Post by jayyarr77 » September 28th, 2008, 7:58 am

Hello again,

I have removed the P2Ps, cracks, keygens, and so on. I don't have the log file from OTMoveIt3; my computer restarted before I could get a chance to save it. However, it said it was successful. Here is my log file from the second run of Lop S&D using Option 2. The files listed in the "Cracks" section are just songs that happen to contain the word "crack". No worries with those:


--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 Mobile CPU 1.70GHz )
BIOS : Rev 1.0 XXX
USER : Shelton Jones ( Administrator )
BOOT : Normal boot
Antivirus : Symantec AntiVirus Corporate Edition 10.1.6.6000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 27 Go Free : 7 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [2] ( Sun 09/28/2008| 7:34 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\city about store file\mp3 blue.exe
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@aalbc.advertserve[1].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@monstersandcritics.advertserve[1].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton_jones@messagespace.advertserve[1].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@www.adserver5[2].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adultfriendfinder[1].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adultfriendfinder[2].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adin.bigpoint[2].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@bigpoint[1].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@us1.darkorbit.bigpoint[1].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adopt.euroclick[1].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adopt.euroclick[2].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@adopt.euroclick[4].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@seafight[1].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@us1.seafight[2].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton_jones@vegashotspots[2].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton_jones@vegasvacationstore[1].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton_jones@www.vegashotspots[1].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton_jones@www.vegasvacationstore[2].txt
Deleted! - C:\DOCUME~1\SHELTO~1\Cookies\shelton jones@www.lop[2].txt
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\city about store file
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[01/11/2004|04:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[01/11/2004|04:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[01/11/2004|04:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> InterTrust
[01/09/2005|03:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[01/10/2004|11:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[01/11/2004|04:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Symantec

[08/04/2008|06:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[12/17/2006|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[06/23/2007|07:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/17/2006|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/31/2007|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/24/2006|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[12/15/2006|03:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[07/29/2008|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[04/11/2008|03:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[08/12/2004|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
[08/25/2006|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[03/17/2004|02:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[09/06/2005|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[10/07/2007|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[05/16/2006|07:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[09/05/2007|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!


[01/10/2004|11:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[07/28/2008|10:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[01/10/2004|11:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[11/30/2005|07:07] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> acccore
[03/05/2008|05:50] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Adobe
[01/16/2006|08:42] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Aim
[08/16/2006|12:12] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Apple Computer
[11/27/2006|02:39] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Google
[09/20/2006|05:53] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Help
[01/11/2004|11:46] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Identities
[04/11/2008|03:23] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Lavasoft
[03/28/2007|08:54] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> LinkedIn
[01/16/2004|03:00] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Macromedia
[12/15/2006|03:02] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Microsoft
[07/29/2008|07:16] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Mozilla
[12/17/2004|04:59] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> MSN6
[08/14/2006|11:10] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> OLYMPUS
[02/01/2004|04:57] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Real
[10/26/2004|12:00] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Sun
[01/27/2004|03:07] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Symantec
[02/21/2004|06:03] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Syntrillium
[11/05/2007|11:04] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Talkback
[01/12/2006|09:48] C:\DOCUME~1\SHELTO~1\APPLIC~1\<DIR> Unwiredtec

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/22/2008 11:18 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/26/2008 08:00 PM][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[09/28/2008 07:20 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/03/2002 09:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/13/2007|03:20] C:\Program Files\<DIR> AC3Filter
[08/04/2008|06:41] C:\Program Files\<DIR> Adobe
[01/02/2007|01:25] C:\Program Files\<DIR> AIM
[06/23/2007|07:13] C:\Program Files\<DIR> AIM6
[11/30/2005|06:53] C:\Program Files\<DIR> AOD
[07/31/2007|12:07] C:\Program Files\<DIR> Apple Software Update
[08/23/2004|05:12] C:\Program Files\<DIR> AWS
[08/04/2008|06:38] C:\Program Files\<DIR> Common Files
[12/08/2004|09:18] C:\Program Files\<DIR> ComPlus Applications
[02/21/2004|05:58] C:\Program Files\<DIR> CoolEdit
[03/24/2004|02:13] C:\Program Files\<DIR> coolpro2
[07/29/2008|11:03] C:\Program Files\<DIR> DivX
[12/13/2004|10:11] C:\Program Files\<DIR> eBook Software
[01/12/2004|01:55] C:\Program Files\<DIR> EPSON
[12/01/2005|02:58] C:\Program Files\<DIR> ESPNMotion
[07/29/2008|06:48] C:\Program Files\<DIR> FLV Player
[09/22/2006|10:50] C:\Program Files\<DIR> Free CD-DA Extractor 4.8
[10/30/2004|08:39] C:\Program Files\<DIR> FruityLoops 3.4
[01/30/2004|03:44] C:\Program Files\<DIR> Gateway
[12/15/2006|05:44] C:\Program Files\<DIR> Google
[01/18/2004|12:37] C:\Program Files\<DIR> Half-Life
[08/14/2006|11:05] C:\Program Files\<DIR> InstallShield Installation Information
[01/11/2004|04:23] C:\Program Files\<DIR> Intel
[01/11/2004|11:10] C:\Program Files\<DIR> InterActual
[08/15/2008|11:44] C:\Program Files\<DIR> Internet Explorer
[11/24/2006|11:50] C:\Program Files\<DIR> iPod
[11/24/2006|11:50] C:\Program Files\<DIR> iTunes
[08/26/2007|06:21] C:\Program Files\<DIR> Java
[07/29/2008|10:37] C:\Program Files\<DIR> Lavasoft
[01/12/2004|12:11] C:\Program Files\<DIR> Maple 7
[08/15/2008|11:56] C:\Program Files\<DIR> Messenger
[01/11/2004|03:47] C:\Program Files\<DIR> Microsoft ActiveSync
[05/09/2007|02:09] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[01/10/2004|11:39] C:\Program Files\<DIR> microsoft frontpage
[02/25/2004|01:23] C:\Program Files\<DIR> Microsoft Office
[01/12/2006|09:46] C:\Program Files\<DIR> Midi Converter
[12/08/2006|05:10] C:\Program Files\<DIR> Movie Maker
[09/28/2008|07:26] C:\Program Files\<DIR> Mozilla Firefox
[01/10/2004|11:33] C:\Program Files\<DIR> MSN
[01/10/2004|11:33] C:\Program Files\<DIR> MSN Gaming Zone
[12/09/2004|10:11] C:\Program Files\<DIR> MsnMusic
[10/14/2006|04:37] C:\Program Files\<DIR> MSXML 4.0
[12/08/2006|05:10] C:\Program Files\<DIR> NetMeeting
[08/14/2006|11:02] C:\Program Files\<DIR> OLYMPUS
[03/10/2008|07:08] C:\Program Files\<DIR> Online Services
[09/13/2006|01:45] C:\Program Files\<DIR> OrCAD_Demo
[07/01/2007|03:26] C:\Program Files\<DIR> Outlook Express
[09/03/2008|11:40] C:\Program Files\<DIR> Palm
[08/14/2006|11:00] C:\Program Files\<DIR> PIXELA
[10/27/2007|01:29] C:\Program Files\<DIR> QuickTime
[01/11/2004|04:46] C:\Program Files\<DIR> Real
[11/20/2005|04:04] C:\Program Files\<DIR> REI Wise
[01/12/2006|09:51] C:\Program Files\<DIR> Ringtone Creator
[01/19/2004|01:46] C:\Program Files\<DIR> Roxio
[09/28/2008|07:34] C:\Program Files\<DIR> RSSoft
[01/05/2005|10:33] C:\Program Files\<DIR> SIFXINST
[01/13/2004|10:54] C:\Program Files\<DIR> SONICblue
[09/06/2005|02:20] C:\Program Files\<DIR> Spybot - Search & Destroy
[01/19/2006|11:02] C:\Program Files\<DIR> StarNet
[01/18/2004|12:04] C:\Program Files\<DIR> Steam
[10/07/2007|10:53] C:\Program Files\<DIR> Symantec
[09/28/2008|07:21] C:\Program Files\<DIR> Symantec AntiVirus
[01/11/2004|04:47] C:\Program Files\<DIR> Synaptics
[09/27/2008|08:12] C:\Program Files\<DIR> Trend Micro
[01/19/2004|01:00] C:\Program Files\<DIR> Uninstall Information
[11/16/2005|04:19] C:\Program Files\<DIR> Winamp
[12/01/2005|02:59] C:\Program Files\<DIR> Windows Media Bonus Pack for Windows XP
[02/19/2008|12:15] C:\Program Files\<DIR> Windows Media Connect 2
[11/02/2007|12:03] C:\Program Files\<DIR> Windows Media Player
[12/08/2006|05:10] C:\Program Files\<DIR> Windows NT
[05/03/2004|03:59] C:\Program Files\<DIR> Windows XP Fun Pack
[10/10/2006|08:23] C:\Program Files\<DIR> WindowsUpdate
[10/31/2007|09:19] C:\Program Files\<DIR> WinRAR
[01/11/2006|12:00] C:\Program Files\<DIR> WinZip
[01/10/2004|11:39] C:\Program Files\<DIR> xerox
[02/04/2004|10:33] C:\Program Files\<DIR> Xinox Software
[01/31/2008|07:35] C:\Program Files\<DIR> XoftSpySE
[09/06/2005|01:23] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/19/2004|01:47] C:\Program Files\Common Files\<DIR> Adaptec Shared
[08/04/2008|05:59] C:\Program Files\Common Files\<DIR> Adobe
[08/04/2008|06:38] C:\Program Files\Common Files\<DIR> Adobe AIR
[12/19/2006|01:41] C:\Program Files\Common Files\<DIR> AOL
[01/11/2004|03:47] C:\Program Files\Common Files\<DIR> Designer
[01/11/2004|10:49] C:\Program Files\Common Files\<DIR> FotoNation
[10/04/2005|11:16] C:\Program Files\Common Files\<DIR> InstallShield
[09/06/2005|02:16] C:\Program Files\Common Files\<DIR> Java
[01/11/2004|04:37] C:\Program Files\Common Files\<DIR> Lanovation
[09/25/2008|07:55] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/10/2004|11:35] C:\Program Files\Common Files\<DIR> MSSoap
[11/30/2005|06:53] C:\Program Files\Common Files\<DIR> Nullsoft
[01/10/2004|05:26] C:\Program Files\Common Files\<DIR> ODBC
[10/06/2004|02:16] C:\Program Files\Common Files\<DIR> Real
[01/20/2006|06:56] C:\Program Files\Common Files\<DIR> Services
[01/10/2004|05:26] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/07/2007|10:57] C:\Program Files\Common Files\<DIR> Symantec Shared
[07/01/2007|03:26] C:\Program Files\Common Files\<DIR> System
[07/29/2008|10:33] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[10/06/2004|02:17] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 43 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\SHELTO~1\LOCALS~1\Temp\nst2.tmp

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 07:38:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\SHELTO~1\My Documents\Shelton's Music\Dapper Downloads\Kanye, Common, & Lupe\08-kanye_west-crack_music_(feat_the_game).mp3
C:\DOCUME~1\SHELTO~1\My Documents\Shelton's Music\Dapper Downloads\Mixtape Madness\03-lil_wayne_ft_juelz_santana_and_young_jeezy-make_it_work_for_ya_(how_to_make_that_crack)-RapHustle.Com.mp3
C:\DOCUME~1\SHELTO~1\My Documents\Shelton's Music\Kanye West - Late Registration\08-kanye_west-crack_music_(feat_the_game).mp3


[F:4][D:3]-> C:\DOCUME~1\SHELTO~1\LOCALS~1\Temp
[F:2718][D:0]-> C:\DOCUME~1\SHELTO~1\Cookies
[F:4376][D:104]-> C:\DOCUME~1\SHELTO~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 09/27/2008|17:10 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sun 09/28/2008| 7:43 - Option : [2]

--------------------\\ Scan completed at 7:43:56
jayyarr77
Active Member
Posts: 9
Joined: September 27th, 2008, 8:31 am

Re: CiD Help Needed!

Unread postby chryssi2001 » September 28th, 2008, 8:29 am

Hello jayyarr77,

It looks like you didn't remove the songs.
If they show up later as cracks, I will immediately stop helping you, as per our forum policy.
----------------------------------------------
You can find OTMoveIt report at C:\_OTMoveIt\MovedFiles\date of the report
----------------------------------------------
Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folder:

SHELTO~1 stands for User Name.

C:\DOCUMENTS AND SETTINGS\SHELTO~1\LOCALSETTINGS\Temp

Right-click and empty its contents.
----------------------------------------------
Post back:
A new HijackThis log.
OTMoveIt report.
Is the pc working better?
Also, do you know this program and did you intentionally install it? RSSoft?
chryssi2001
MRU Teacher Emeritus
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: CiD Help Needed!

Unread postby jayyarr77 » September 28th, 2008, 9:26 am

Hello again,

I mentioned earlier that the songs were not actual cracks; they merely contain the word "crack" (as in cocaine) in their titles. These are the 2 songs:

Make It Work For Ya (How to Make Crack), by Lil Wayne and Juelz Santana (1 file)
Crack Music, by Kanye West (2 different files)

So these 3 files are not a violation in the sense of the threat of a "crack" and should be ok.


Also, I entered the Windows Explorer as you said and tried to access the directory you specified:

C:\DOCUMENTS AND SETTINGS\SHELTON JONES\LOCALSETTINGS\Temp

But there seems to be no such directory. Any suggestions?

Also, I have no idea what RSSoft is. How can I get rid of it? I want to get rid of as many unnecessary things as possible. Thanks
jayyarr77
Active Member
Posts: 9
Joined: September 27th, 2008, 8:31 am

Re: CiD Help Needed!

Unread postby chryssi2001 » September 28th, 2008, 10:14 am

Hello jayyarr77,

Try this:
C:\DOCUMENTS AND SETTINGS\SHELTON JONES\LOCAL SETTINGS\Temp
Also, I have no idea what RSSoft is. How can I get rid of it?

Use Add/Remove Programs to uninstall RSSoft, and remove this folder when in Windows Explorer:

C:\Program Files\RSSoft
chryssi2001
MRU Teacher Emeritus
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: CiD Help Needed!

Unread postby jayyarr77 » September 28th, 2008, 11:23 am

Hello chryssi2001,

I emptied the contents of the Temp directory. My computer is running pretty well thus far, no CiD popups just yet. Do you see any more threats? I ran another HijackThis scan. Here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:18 AM, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6383 bytes
jayyarr77
Active Member
Posts: 9
Joined: September 27th, 2008, 8:31 am

Re: CiD Help Needed!

Unread postby chryssi2001 » September 28th, 2008, 11:49 am

Hello jayyarr77,

FIX HIJACKTHIS ENTRIES

Open up HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab


Then close all windows except HijackThis and click Fix Checked.
Close HijackThis.
----------------------------------------------
JavaRa

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, and copy/paste it back in this topic.
  • In case the logfile doesn't pop up, you can find it here: C:\JavaRa.log

Then download and install Java Runtime Environment (JRE) 6 Update 7 following the instructions below:
  • Go to Java Runtime Environment (JRE) 6 Update 7 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u7-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer
----------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
----------------------------------------------
Post back:
JavaRa report.
A new HijackThis log.
Malwarebytes' Anti-Malware report.
chryssi2001
MRU Teacher Emeritus
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
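A small triage script for HijackThis logs like the one posted above, added here as an illustration (it is not a MalwareRemoval.com or Trend Micro tool). It flags the two entry types chryssi2001 marked for Fix Checked, an R0 line whose Start Page value is empty and an O16 DPF line with no download source, and, going beyond that fix list on my own assumption, O4 Run entries whose command is a bare file name with no directory path, since such entries need a look at which file actually loads. The sample log is a constructed excerpt of entries taken from the log above.

```python
"""Triage helper for HijackThis v2 log lines.

Added example, not a MalwareRemoval.com or Trend Micro tool. The R0 and O16 rules
mirror the entries the helper marked for Fix Checked; the O4 bare-name rule is my
own assumption-based extension and only asks for review, not removal.
"""
import re
from dataclasses import dataclass

# Generic shape of a HijackThis entry line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] x.exe"
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
# O4 body: "HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    section: str
    raw: str
    reason: str


def parse_entries(log_text):
    """Return (section, body, raw) for every R/F/O entry; process list and headers are skipped."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m["section"], m["body"], line.strip()))
    return out


def _exe_path(cmd):
    """First token of an O4 command line, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Apply the three rules and return the findings in log order."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        if section in ("R0", "R1") and body.rstrip().endswith("="):
            # Start/Search page key present but empty; HijackThis resets it on Fix Checked.
            findings.append(Finding(section, raw, "empty IE start/search page value; let HijackThis reset it"))
        elif section == "O16" and "http" not in body.lower():
            # Downloaded Program Files entry with no source URL: an orphaned control registration.
            findings.append(Finding(section, raw, "DPF control with no download source; orphaned entry"))
        elif section == "O4":
            m = O4_RE.match(body)
            if m and "\\" not in _exe_path(m["cmd"]):
                # Bare file name: the loaded binary depends on the search path, so confirm which file it is.
                exe = _exe_path(m["cmd"])
                findings.append(Finding(section, raw, f"Run entry loads '{exe}' by bare name; confirm which file resolves"))
    return findings


# Constructed excerpt of the HijackThis log posted in this thread (not a complete log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.raw}")
```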

Re: CiD Help Needed!

Unread postby jayyarr77 » September 28th, 2008, 6:24 pm

Hello chryssi2001,

I followed all of the above steps and downloaded/installed the above programs. Here are the logs for the JavaRa report, the new HijackThis log, and the Malwarebytes' Anti-Malware report:


JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Sep 28 12:16:07 2008

Found and removed: C:\Program Files\Java\j2re1.4.2_05

Found and removed: C:\Program Files\Java\jre1.5.0_04

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64

Found and removed: Software\JavaSoft\Java2D\1.5.0_04

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_04

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_04\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Sep 28 12:18:58 2008

------------------------------------

Finished reporting.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:18 AM, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6383 bytes
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 2

9/28/2008 6:22:35 PM
mbam-log-2008-09-28 (18-22-35).txt

Scan type: Quick Scan
Objects scanned: 52362
Time elapsed: 19 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\saix.installercaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\saix.installercaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
jayyarr77
Active Member
 
Posts: 9
Joined: September 27th, 2008, 8:31 am

Re: CiD Help Needed!

Unread postby chryssi2001 » September 29th, 2008, 3:20 am

Hello jayyarr77,

You missed updating your Java.
See the instructions here after JavaRa instructions.
Update Java, and post a new HijackThis log please.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: CiD Help Needed!

Unread postby jayyarr77 » September 29th, 2008, 5:40 am

Hello chryssi2001,

I updated my Java and ran a new HijackThis scan. Here's the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:44 AM, on 9/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6001 bytes
jayyarr77
Active Member
 
Posts: 9
Joined: September 27th, 2008, 8:31 am

Re: CiD Help Needed!

Unread postby chryssi2001 » September 29th, 2008, 6:45 am

Hello jayyarr77,

Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply with a description of how your PC is behaving.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: CiD Help Needed!

Unread postby jayyarr77 » September 29th, 2008, 9:53 pm

Hello again,

Here is my Kaspersky scan after it took 500 hours :-)
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, September 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 29, 2008 11:09:17
Records in database: 1273092
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 194587
Threat name: 13
Infected objects: 38
Suspicious objects: 0
Duration of the scan: 08:24:34


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01200000\49A74352.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01200001\49A74CCC.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01F80000\49F8DD67.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01F80001\49F8EA26.VBN Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\038C0000.VBN Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08280000\486A3808.VBN Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09000000\49D1A580.VBN Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A300000\4AB9C65D.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B300000\4BBCE24F.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0000\4BDC6F22.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D0C0000\4DAE706A.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900000\4D97C058.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900001\4D9B6A14.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900002\4D9D005A.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900003\4D9DE393.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D900004\4D9E7F56.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DE40000\4DFEAE2E.VBN Infected: Net-Worm.Win32.Koobface.ad 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DE40001\4DFEB120.VBN Infected: Net-Worm.Win32.Koobface.ad 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0000\4EBE4970.VBN Infected: not-a-virus:AdWare.Win32.Agent.dxd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0001\4EBE4B88.VBN Infected: not-a-virus:AdWare.Win32.Agent.dxd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0002\4EBE4D77.VBN Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0003\4EBE4E07.VBN Infected: not-a-virus:AdWare.Win32.Agent.dxd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0004\4EBE4E4F.VBN Infected: not-a-virus:AdWare.Win32.Agent.dxd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0005\4EBE50A5.VBN Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0006\4EBE5103.VBN Infected: not-a-virus:AdWare.Win32.Agent.dxd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0007\4EBE514D.VBN Infected: not-a-virus:AdWare.Win32.Agent.dxd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0008\4EBE519D.VBN Infected: not-a-virus:AdWare.Win32.Agent.dxd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0009\4EBE51E3.VBN Infected: not-a-virus:AdWare.Win32.Agent.dxd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00000\4FFFA514.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00001\4FF10CE0.VBN Infected: Exploit.SWF.Downloader.hm 1
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\city about store file\mp3 blue.exe Infected: Trojan.Win32.Obfuscated.en 1
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\Program Files\Online Services\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 1
C:\Program Files\Online Services\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.g 1
C:\Program Files\Online Services\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel 1
C:\Program Files\Online Services\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
C:\Program Files\Online Services\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i 1
C:\WINDOWS\system32\xscan.exe Infected: Trojan-Dropper.Win32.Agent.hy 1

The selected area was scanned.
jayyarr77
Active Member
 
Posts: 9
Joined: September 27th, 2008, 8:31 am