Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Can't get rid of Drsmartload1.exe

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Can't get rid of Drsmartload1.exe

Unread postby EB99 » June 24th, 2006, 5:23 pm

I keep getting pop-up warnings from my AV scanner about Drsmartload1.exe. i have removed it through Spotbot S & D, but it keeps coming back. I would appreciate any help you can offer. Here is my Hyjack log

Logfile of HijackThis v1.99.1
Scan saved at 5:18:00 PM, on 6/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\services.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wmiapsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSIns ... stall.html
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1294210953
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe
EB99
Regular Member
 
Posts: 31
Joined: October 10th, 2005, 4:54 pm
Top
Advertisement
Register to Remove

Unread postby Bob4 » June 24th, 2006, 9:21 pm

_________________________________
Welcome to the Malware removal forums. I will be more than happy to help you work on your problems.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So lets do this to the end!
Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!




___________________________________
SpywareGuard:
A good program but may interfere with our fixes.

Right click the running icon of Spywareguard, it will open the program.
Then go to Menu, file, exit.
Then confirm the program is closed.

______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked


O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - <https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://instantgreetings.aol.com/prod/install.html>
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - <http://www.imgag.com/cp/install/AxCtp.cab>
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - <http://www.imgag.com/cp/install/AxCtp2.cab>
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - <http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe>
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe




______________________________
Stop and Disable a Service

Go to Start " Run " type: Services.msc " OK.
Scroll down and find this service: Display name here WMIPervAddOn
Double-click on it.
Under the General tab, click the Stop button.
Then as start up type click disable.


Do the exact same for
ALT



______________________________
We need to delete a service
- Start HijackThis...
- Click "Config" button
- Click "Misc Tools" button
- click "Delete an NT Service" button
- Copy and Paste the bold text below in the "Delete an NT Service" window

WMIPervAddOn

click OK

and the same for
ALT



close that.


___________________________________
Reconfigure Windows XP to show hidden files::

Click Start. My Computer.
Select the Tools menu Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.



___________________________________
Search for and remove
Now I want you to search for and delete the following folder and all it's contents if present. If you need help finding them.
Click start /search/ all files and folders/ look for More advanced options. once in there select the first 3 boxes.
Please just remove the files/folders I listed in BOLD


C:\WINDOWS\services.exe .. PLease note with this one.. Just delete the services.exe in C:/windows.. There is a leditimate one in the system32 folder. Do not delete that one.

C:\WINDOWS\wmiapsv.exe




Ewido
Download Ewido
Install ewido
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed. After the updates are installed,
exit ewido.
Do Not Use It Yet.

________________________________________
Safe mode:
Please reboot to safe mode:
After the very first black screen start tapping the
F8 key untill prompted with a list choose safe
mode.
Heres how



_________________________________________
Ewido Part 2
Ewido
Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
Click on scanner
Click on Settings
Under "How to scan" all boxes should be selected
Under "Possibly unwanted software" all boxes should be selected
Under "What to scan" select scan every file
Click OK
Click on Complete system scan
Let the program scan the machine

If ewido finds anything, it will pop up a notification. NOTE: Occasionally, ewido may produce a false positive, so we need to step through the fixes one-by-one. If ewido finds something that you KNOW is legitimate, for example... somthing related to your antivirus software, your ISP, or a recognized program - in particular keep watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives, select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and will let you know if ewido needs to be run again.When scan is completed, click Save report to your desktop.
Post the report in your next reply.
Exit ewido.

post the contents of the ewido log and a new HJT log.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
Top

question on stop and disable

Unread postby EB99 » June 24th, 2006, 9:50 pm

I couldn't find WMIPervaddon. Is that the same as WMI Performace Adapter? If so, that service is already stopped.
EB99
Regular Member
 
Posts: 31
Joined: October 10th, 2005, 4:54 pm
Top

Unread postby Bob4 » June 24th, 2006, 11:32 pm

No do not delete windows performance adaptor
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
Top

Can't delete WMIPervAddon

Unread postby EB99 » June 24th, 2006, 11:55 pm

I tried to delete WMIPervaddon and I got a message that said the service was still running. When I went back to check WMI Performace Adapter, I saw that it was stopped and disabled. So I looked for other services that might resemble WMIPervAddon and I found Microsoft Performance WMI Adapter Addon. I'm not sure if that is the one I am supposed to stop, but it can't be stopped anyway because the stop button is grayed out. Also, could not find a service called ALT. Is that the same as Alerter?
EB99
Regular Member
 
Posts: 31
Joined: October 10th, 2005, 4:54 pm
Top

Unread postby Bob4 » June 25th, 2006, 6:53 am

Is that the same as Alerter?


No it's not the same leave Alerter there.
When you look at the list of services from the list is there a windows alerter listed? Not alerter
If so disable that service.



Lets try it this way.

Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked


O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - <https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://instantgreetings.aol.com/prod/install.html>
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - <http://www.imgag.com/cp/install/AxCtp.cab>
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - <http://www.imgag.com/cp/install/AxCtp2.cab>
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - <http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe>
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!


_________________________
Go to start > run and copy and paste next command in the field:

sc delete WMIPervAddOn
hit enter


__________________________-
Follow the instuctions from above and delete Remembering there is a legitimate file in c/windows/system32/services.exe. DO NOT DELETE THAT ONE.
c:/windows/services.exe


C:\WINDOWS\wmiapsv.exe

______________________________-
Then run ewido as directed above and post a new HJT log and the results from ewido.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
Top

Access denied

Unread postby EB99 » June 25th, 2006, 8:09 am

I found both c:\windows\services.exe and C:\WINDOWS\wmiapsv.exe. Unable to delete. Access denied.
EB99
Regular Member
 
Posts: 31
Joined: October 10th, 2005, 4:54 pm
Top

Unread postby Bob4 » June 25th, 2006, 8:22 am

____________________________
Please download the Killbox by Option^Explicit

Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\wmiapsv.exe
c:\windows\services.exe

Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).


If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


After this please post a new HJT log for me to look at.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
Top

Unread postby EB99 » June 25th, 2006, 9:16 am

Performed Killbox file deletions successfully. Here is latest HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 9:14:20 AM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1294210953
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
EB99
Regular Member
 
Posts: 31
Joined: October 10th, 2005, 4:54 pm
Top

Unread postby Bob4 » June 25th, 2006, 11:42 am

___________________________________
SpywareGuard:
Once again disable spyware guard
Right click the running icon of Spywareguard, it will open the program.
Then go to Menu, file, exit.
Then confirm the program is closed.


____________________________
I'm sure it is but please check that c:/windows/services.exe is gone



______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked Even this window ;)


O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)







Once again look for this service.
______________________________
Stop and Disable a Service

Go to Start " Run " type: Services.msc " OK.
Scroll down and find this service: Display name here Windows Alerter
Double-click on it.
Under the General tab, click the Stop button.
Then as start up type click disable.

When that's done we need to delete that service.

Go to start > run and copy and paste next command in the field:

sc delete Windows Alerter
hit enter


Reboot the computer.
____________________________
Were you able to run Ewido ? I need to see that log as sometimes it finds false positives.

Please post the Ewido log and another HJT log.
Also let me know how things are running.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
Top

Unread postby EB99 » June 25th, 2006, 1:21 pm

Here are HJT and Ewido scan logs.
Logfile of HijackThis v1.99.1
Scan saved at 1:18:48 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1294210953
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:16:37 PM 6/25/2006

+ Scan result:



HKU\S-1-5-21-1128738508-2810993780-2846520306-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} -> Adware.Virtumonde : No action taken.
HKU\S-1-5-21-1128738508-2810993780-2846520306-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DBF02DA-4360-4A7E-BEA1-347B87816327} -> Adware.Virtumonde : No action taken.
C:\!KillBox\services.exe -> Backdoor.SdBot.aad : No action taken.
C:\Documents and Settings\Rachel\Local Settings\Temp\Temporary Directory 2 for Picture003[1].zip\Picture003.pif -> Backdoor.SdBot.aad : No action taken.
C:\Documents and Settings\Rachel\Local Settings\Temporary Internet Files\Content.IE5\8O32FAN7\Picture003[1].zip/Picture003.pif -> Backdoor.SdBot.aad : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\boot[1].zip -> Downloader.Adload.bo : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\booterror[1].zip -> Downloader.Adload.bo : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\comber2[1].zip/booterror.exe -> Downloader.Adload.bo : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\drload[1].exe -> Downloader.Adload.bo : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\drsmartload743a[1].exe -> Downloader.Adload.bo : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\penzat[1].exe -> Downloader.Adload.bo : No action taken.
C:\WINDOWS\booterror.exe -> Downloader.Adload.bo : No action taken.
C:\WINDOWS\errorfix.exe -> Downloader.Adload.bo : No action taken.
C:\alias.com -> Downloader.Adload.bo : No action taken.
C:\autodefrag.exe -> Downloader.Adload.bo : No action taken.
C:\conf.com -> Downloader.Adload.bo : No action taken.
C:\defrag.exe -> Downloader.Adload.bo : No action taken.
C:\defragsvc.exe -> Downloader.Adload.bo : No action taken.
C:\svchost.exe/booterror.exe -> Downloader.Adload.bo : No action taken.
C:\winbootini.exe -> Downloader.Adload.bo : No action taken.
C:\winlogon.exe -> Downloader.Adload.bo : No action taken.
C:\WINDOWS\msnupdate.exe -> Downloader.Adload.bq : No action taken.
C:\WINDOWS\comserv.exe -> Downloader.Adload.ch : No action taken.
HKU\S-1-5-21-1128738508-2810993780-2846520306-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\bootsector[1].zip -> Downloader.VB.afe : No action taken.
C:\bootsec.exe -> Downloader.VB.afe : No action taken.
C:\bootsect.exe -> Downloader.VB.afe : No action taken.
C:\bootsect0r.exe -> Downloader.VB.afe : No action taken.
C:\bootsection.exe -> Downloader.VB.afe : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@chefscatalog.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@etronics.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfk4kld5geq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfkiqncpodq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfkoglajgao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfkywld5afo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfkywoazwbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wflisnczmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wflosmdpmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfmialcjoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfmigpd5wdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfmiujc5ilo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfmykidpalo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjlikmajigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjliupajwlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjloghdzakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjlogmajeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjlyapajmbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjmigiajoao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjmyagdzgdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjnysmdpwdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@e-2dj6wfloanc5ofp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@sales.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@sales.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@sales.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@sec1.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@data2.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@ads1.revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@starware[2].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@anat.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@anat.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@login.tracking101[2].txt -> TrackingCookie.Tracking101 : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@webstat[2].txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@webstat[2].txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Linda\Cookies\linda@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Rachel\Cookies\rachel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Rebecca\Cookies\rebecca@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Russ\Cookies\russ@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end
EB99
Regular Member
 
Posts: 31
Joined: October 10th, 2005, 4:54 pm
Top

Unread postby Bob4 » June 25th, 2006, 2:30 pm

________________________________________
Safe mode:
Please reboot to safe mode:
After the very first black screen start tapping the
F8 key untill prompted with a list choose safe
mode.
Heres how



_________________________________________
Ewido Part 2
Ewido
Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
Click on scanner
Click on Settings
Under How to act
Choose {b]quarintine[/b]

Under Reports check automatically create report after every scan.
Now back to the scan tab andClick on Complete system scan

Let the program scan the machine .
When finished click apply all actions.

_____________________


You have QuickTime running at Startup. This is QuickTime's system tray icon and not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in QuickTime Player itself to keep it from resetting itself.. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

______________________________
You have RealPlayer running at Startup. This is RealPlayer's autoupdate program and is not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in RealPlayer itself to keep it from resetting itself.. This is the item to fix in HijackThis:

O4 = HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" = osboot


Let me know how things are running now.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
Top

Unread postby EB99 » June 25th, 2006, 5:31 pm

I tried running Ewido in Safe Mode before and the problem is that the screen resolution defaults to 640 x 480 and the internet page will not all fit on one screen. I tried changing the screen resolution in Safe Mode, but was unable to do so (all of the screen options are greyed out). Do you know how to change that or can I run Ewido in normal mode?
EB99
Regular Member
 
Posts: 31
Joined: October 10th, 2005, 4:54 pm
Top

Unread postby Bob4 » June 25th, 2006, 5:46 pm

So I understand correctly.
You can not run Ewido in safe mode because you can't see the entire screen?


Try this.

In the top right corner of the window try clicking the middle box to make the window smaller. Then you can left click and hold the left click on the top margine of the window and move the window around.
In safe mode ewido may find a few other things.

If that doesn't work just go ahead and run in normal mode.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
Top

Unread postby EB99 » June 25th, 2006, 9:24 pm

Could not run Ewido in Safe mode. Couldn't even see the 3 boxes in the upper right that you normally see. Tried holding down the left mouse button and dragging the window, but no effect. Here is the latest Ewido scan log.

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:21:20 PM 6/25/2006

+ Scan result:



HKU\S-1-5-21-1128738508-2810993780-2846520306-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-21-1128738508-2810993780-2846520306-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DBF02DA-4360-4A7E-BEA1-347B87816327} -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-21-1128738508-2810993780-2846520306-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-21-1128738508-2810993780-2846520306-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DBF02DA-4360-4A7E-BEA1-347B87816327} -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\!KillBox\services.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Local Settings\Temp\Temporary Directory 2 for Picture003[1].zip\Picture003.pif -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Local Settings\Temporary Internet Files\Content.IE5\8O32FAN7\Picture003[1].zip/Picture003.pif -> Backdoor.SdBot.aad : Error during cleaning.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\boot[1].zip -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\booterror[1].zip -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\comber2[1].zip/booterror.exe -> Downloader.Adload.bo : Error during cleaning.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\drload[1].exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\drsmartload743a[1].exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\penzat[1].exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\WINDOWS\booterror.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\WINDOWS\errorfix.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\alias.com -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\autodefrag.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\conf.com -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\defrag.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\defragsvc.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\svchost.exe/booterror.exe -> Downloader.Adload.bo : Error during cleaning.
C:\winbootini.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\winlogon.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\WINDOWS\msnupdate.exe -> Downloader.Adload.bq : Cleaned with backup (quarantined).
C:\WINDOWS\comserv.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1128738508-2810993780-2846520306-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : Cleaned with backup (quarantined).
HKU\S-1-5-21-1128738508-2810993780-2846520306-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\bootsector[1].zip -> Downloader.VB.afe : Cleaned with backup (quarantined).
C:\bootsec.exe -> Downloader.VB.afe : Cleaned with backup (quarantined).
C:\bootsect.exe -> Downloader.VB.afe : Cleaned with backup (quarantined).
C:\bootsect0r.exe -> Downloader.VB.afe : Cleaned with backup (quarantined).
C:\bootsection.exe -> Downloader.VB.afe : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@chefscatalog.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@etronics.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfk4kld5geq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfkiqncpodq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfkoglajgao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfkywld5afo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfkywoazwbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wflisnczmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wflosmdpmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfmialcjoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfmigpd5wdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfmiujc5ilo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wfmykidpalo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjlikmajigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjliupajwlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjloghdzakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjlogmajeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjlyapajmbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjmigiajoao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjmyagdzgdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@e-2dj6wjnysmdpwdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@e-2dj6wfloanc5ofp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@sec1.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda\Cookies\linda@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Rachel\Cookies\rachel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Rebecca\Cookies\rebecca@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\russ@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end
EB99
Regular Member
 
Posts: 31
Joined: October 10th, 2005, 4:54 pm
Top
Advertisement
Register to Remove
Next
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 132 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index