Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

new hijack? mrofinu?

Re: new hijack? mrofinu?

Post by Scotty » December 3rd, 2007, 6:40 am

Hello

    Please go HERE to run PandaActiveScan...

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to your desktop. Then post it in your next reply.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland
Re: new hijack? mrofinu?

Post by masonthedog » December 5th, 2007, 6:22 am

morning Scotty

Incident Status Location

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[stats1.reliablestats.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[.burstnet.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[.cs.sexcounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[.toplist.cz/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[errorsafe.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[hc2.humanclick.com/hc/49044919]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[searchportal.information.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-1.txt[www.burstbeacon.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[stats1.reliablestats.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[.atdmt.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[.burstnet.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[.cs.sexcounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[.serving-sys.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[.toplist.cz/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[ad.yieldmanager.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[errorsafe.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[hc2.humanclick.com/hc/49044919]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[searchportal.information.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-2.txt[www.burstbeacon.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-3.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-3.txt[.realmedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-3.txt[.doubleclick.net/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-3.txt[.cs.sexcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-3.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-3.txt[.statcounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-3.txt[.toplist.cz/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-4.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-4.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-4.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-4.txt[ad.yieldmanager.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-4.txt[.cs.sexcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-4.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-4.txt[.statcounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-4.txt[.toplist.cz/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[ad.yieldmanager.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[.serving-sys.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[.cs.sexcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[.statcounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-5.txt[.toplist.cz/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-6.txt[.doubleclick.net/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-6.txt[.toplist.cz/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-7.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-7.txt[.zedo.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-7.txt[.fastclick.net/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-7.txt[.cs.sexcounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-7.txt[.toplist.cz/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-8.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-8.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-8.txt[.doubleclick.net/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-8.txt[stats1.reliablestats.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-8.txt[www.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-8.txt[.errorsafe.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-8.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-8.txt[.fastclick.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-8.txt[.zedo.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-8.txt[.cs.sexcounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-8.txt[.toplist.cz/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-9.txt[.cs.sexcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-9.txt[.realmedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-9.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-9.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-9.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\1apzphx5.default\cookies-9.txt[.toplist.cz/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Cookies\bob@ad.yieldmanager[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Cookies\bob@ad.yieldmanager[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Cookies\bob@ad.yieldmanager[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\bob\Cookies\bob@ad.yieldmanager[5].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\bob\Cookies\bob@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\bob\Cookies\bob@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\bob\Cookies\bob@ads.pointroll[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\bob\Cookies\bob@adserver.easyad[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\bob\Cookies\bob@advertising[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\bob\Cookies\bob@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\bob\Cookies\bob@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\bob\Cookies\bob@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\bob\Cookies\bob@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\bob\Cookies\bob@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\bob\Cookies\bob@casalemedia[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\bob\Cookies\bob@did-it[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\bob\Cookies\bob@doubleclick[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\bob\Cookies\bob@enhance[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\bob\Cookies\bob@entrepreneur[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\bob\Cookies\bob@fastclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\bob\Cookies\bob@findwhat[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\bob\Cookies\bob@goclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\bob\Cookies\bob@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\bob\Cookies\bob@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\bob\Cookies\bob@realmedia[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\bob\Cookies\bob@searchportal.information[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\bob\Cookies\bob@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\bob\Cookies\bob@statcounter[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\bob\Cookies\bob@tickle[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\bob\Cookies\bob@toplist[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\bob\Cookies\bob@trafficmp[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\bob\Cookies\bob@uol.com[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\bob\Cookies\bob@web.tickle[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\bob\Cookies\bob@www.burstbeacon[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\bob\Cookies\bob@zedo[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\bob\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\bob\Desktop\ComboFix.exe[nircmd.cfexe]
Hacktool:Hacktool/Dialupass.G Not disinfected C:\Documents and Settings\bob\Desktop\New Folder (3)\ProduKey.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\bob\Desktop\security\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\bob\Desktop\security\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\bob\Desktop\security\SmitfraudFix\restart.exe
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\wendy\Application Data\Mozilla\Firefox\Profiles\gz1zj85e.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\wendy\Application Data\Mozilla\Firefox\Profiles\gz1zj85e.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\wendy\Application Data\Mozilla\Firefox\Profiles\gz1zj85e.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\wendy\Application Data\Mozilla\Firefox\Profiles\gz1zj85e.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\wendy\Application Data\Mozilla\Firefox\Profiles\gz1zj85e.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\wendy\Application Data\Mozilla\Firefox\Profiles\gz1zj85e.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\wendy\Application Data\Mozilla\Firefox\Profiles\gz1zj85e.default\cookies.txt[.go.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\wendy\Application Data\Mozilla\Firefox\Profiles\gz1zj85e.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\wendy\Application Data\Mozilla\Firefox\Profiles\gz1zj85e.default\cookies.txt[.target.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\wendy\Application Data\Mozilla\Firefox\Profiles\gz1zj85e.default\cookies.txt[fe.lea.lycos.es/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\wendy\Application Data\Mozilla\Firefox\Profiles\gz1zj85e.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\wendy\Cookies\wendy@target[2].txt
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp
Spyware:Cookie/Adtech Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68.tmp
Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq69.tmp
Spyware:Cookie/Adviva Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp
Spyware:Cookie/Bfast Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C.tmp
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp
Spyware:Cookie/Cgi-bin Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp
Spyware:Cookie/Bridgetrack Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp
Spyware:Cookie/Com.com Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp
Spyware:Cookie/Dbbsrv Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7D.tmp
Spyware:Cookie/Euniverseads Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp
Spyware:Cookie/FastClick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq83.tmp
Spyware:Cookie/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp
Spyware:Cookie/Gorillanation Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B.tmp
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp
Spyware:Cookie/HotLog Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F.tmp
Spyware:Cookie/Hypercount Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq90.tmp
Spyware:Cookie/Linksynergy Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq94.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97.tmp
Spyware:Cookie/PayCounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98.tmp
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9C.tmp
Spyware:Cookie/WUpd Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9E.tmp
Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9F.tmp
Spyware:Cookie/SexList Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA1.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA2.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA3.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA7.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA8.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA9.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAA.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAB.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAC.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAE.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAF.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB1.tmp
Spyware:Cookie/SpyLog Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB2.tmp
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB4.tmp
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB6.tmp
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB9.tmp
Spyware:Cookie/Paypopup Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBB.tmp
Spyware:Cookie/XXXCounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC.tmp
Spyware:Cookie/Adserver Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBD.tmp
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBE.tmp
Spyware:Spyware/7r7t Not disinfected C:\qoobox\Quarantine\C\Temp\u900Y714.exe.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe
masonthedog
Regular Member
 
Posts: 22
Joined: July 19th, 2007, 7:40 pm

Re: new hijack? mrofinu?

Post by Scotty » December 5th, 2007, 9:09 am

Good day sir

You may wish to keep hold of the Panda Online Scan as an extra on-demand virus-scanner.
If not you can uninstall it through Start>Control Panel>Add/Remove Programs.


Navigate to and delete the contents of the following folder:
C:\Program Files\Yahoo!\YPSR\Quarantine


I see that Viewpoint Media Player is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto‑updating for the Viewpoint Manager ‑‑ the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight Viewpoint Media Player, click Remove.


Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

*Note* If you do not have Firefox or Opera, those options will be greyed out.


Time for some housekeeping

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

  • When shown the disclaimer, Select "2"


Finally, post a new HijackThis log and let me know how the computer is behaving now.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: new hijack? mrofinu?

Unread postby masonthedog » December 5th, 2007, 10:40 pm

Hi Scotty. How's it look?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:00 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\hello.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Inst ... S_live.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta ... ysinfo.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 6745 bytes
masonthedog
Regular Member
 
Posts: 22
Joined: July 19th, 2007, 7:40 pm
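
Added example (not part of the original posts, and not HijackThis's own code): a small parser for the log layout in the post above that lists O23 service entries whose binary is reported missing or whose owner is recorded as "Unknown owner", as items for manual review rather than verdicts. The function names, and the assumption that service paths start with a drive letter, are this example's own.

```python
import re

# Sample input: a few lines excerpted from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O23 - Service: ..."; process paths do not match.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O23 body: "Service: <display name> - <owner> - <path>[ (file missing)]"
# Assumption: the path starts with a drive letter; other O23 lines are skipped.
SERVICE = re.compile(
    r"^Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Yield (section, body) per entry line; header and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage_services(log_text):
    """Return (name, path, reasons) for O23 services that merit a manual look."""
    findings = []
    for section, body in parse_entries(log_text):
        m = SERVICE.match(body) if section == "O23" else None
        if not m:
            continue
        reasons = []
        if m.group("missing"):  # service still registered, binary gone
            reasons.append("file missing")
        if m.group("owner") == "Unknown owner":  # no company name recorded
            reasons.append("unknown owner")
        if reasons:
            findings.append((m.group("name"), m.group("path"), reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage_services(SAMPLE_LOG):
        print(f"{name}: {path} [{', '.join(reasons)}]")
```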

Re: new hijack? mrofinu?

Unread postby Scotty » December 6th, 2007, 7:45 am

Hi

Congratulations, you appear to be malware free.

Here are some free programs I recommend, although you will not need them all.

Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here

Install Spyware Guard
Download it from here
Find here the tutorial on how to use Spyware Guard here

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"


Follow this list and your potential for being infected again will reduce dramatically.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: new hijack? mrofinu?

Unread postby masonthedog » December 6th, 2007, 9:47 pm

Some odd things..

Some websites look very different. Google Maps won't load. Simple websites like this look exactly the same, Yahoo/my yahoo - the same. Did I turn something off I need to turn back on?
masonthedog
Regular Member
 
Posts: 22
Joined: July 19th, 2007, 7:40 pm

Re: new hijack? mrofinu?

Unread postby Scotty » December 7th, 2007, 4:22 pm

Hello

Open up Internet Explorer and under Tools select Delete browsing History (or Clear Browsing History) and let me know if that helps.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: new hijack? mrofinu?

Unread postby masonthedog » December 8th, 2007, 9:11 am

Scotty,
I primarily use Firefox and that's what's acting weird. I did the history clear in Firefox and nothing changed.
masonthedog
Regular Member
 
Posts: 22
Joined: July 19th, 2007, 7:40 pm

Re: new hijack? mrofinu?

Unread postby Scotty » December 9th, 2007, 8:08 am

Hi

Do you have Java installed?
And what plug-ins have you got installed? i.e. Flash Player, Shockwave etc.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: new hijack? mrofinu?

Unread postby masonthedog » December 9th, 2007, 9:59 pm

How could I find out?
masonthedog
Regular Member
 
Posts: 22
Joined: July 19th, 2007, 7:40 pm

Re: new hijack? mrofinu?

Unread postby Scotty » December 10th, 2007, 9:06 am

Hi
Start>Control Panel>Add/Remove Programs
Flash Player and Shockwave are Adobe products.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: new hijack? mrofinu?

Unread postby askey127 » December 23rd, 2007, 7:54 am

Glad we could be of assistance. This topic is now closed. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
Please do not contact us to reopen this topic if you are not the topic starter.
A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

You can help support this site from this link : Donations For Malware Removal
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA