Adware/hijack problem (WinAntiVirus Pro)


  • This topic is locked
4 replies to this topic

#1 gomek

gomek

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 06 June 2007 - 09:32 PM

OK, I have malware/adware I cannot seem to get rid of.

I actually found this forum as I seem to have many of the same symptoms as this thread
http://www.spywarein...mp;#entry546620

The most frequent pop-up I get is for "WinAntiVirus Pro", as well as canceriq.org and others.
Particularly interesting is that the fake antivirus pops up on every real antivirus site I go to, almost blending itself with the page. Tricky.

I've also tried a bunch of programs to no avail: HijackThis, Spybot, AdAware. A bunch of them have detected the same viruses, yet even after deleting them they reappear. "CoolWebSearch" is a repeat offender.

Also, my Windows Explorer craps out constantly.

Anyway, here are my logs:

------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:47:27 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\virus info\HijackThis.exe

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\yuxmrnhd.dll",realset
O4 - HKLM\..\Run: [j5281737] rundll32 C:\WINDOWS\system32\j5281737.dll sook
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1114804997187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151543320929
O18 - Protocol: ssp - {1E8068DE-05AD-11D4-ACC8-EF447469245C} - C:\Program Files\Offline Commander\SSP.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)

------------------------------------------------


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:30:51 PM 6/6/2007

+ Scan result:



HKLM\SOFTWARE\SecureWin -> Adware.Adlogix : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{150C15CE-ECE3-0E88-2657-77F261ADE060} -> Adware.CoolWebSearch : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{7C77122B-026F-9791-38EB-B10B289B5B82} -> Adware.CoolWebSearch : Cleaned.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned.
C:\Program Files\Adware Away -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\AdAway.chm -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\AdAway.dll -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\AdAway.exe -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\Customize.dll -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\EProcess.exe -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\FixForV8.exe -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\LSP.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\ListDlls.exe -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\OtherNormal.dat -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\ab_old.reg -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\activex.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\autorun.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\backup -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\fa.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\global.dll -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\hosts.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\iebhotoolbar.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\iedlls.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\iepage.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\ierestriction.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\ietoolbarbutton.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\ieurlprefix.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\ieurlsearchhook.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\keylogger.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\overall.log -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\piracy.txt -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\process.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\service.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\sharedresource.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\shellextensions.tmp -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\sporder.dll -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\tmp.reg -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\unins000.dat -> Adware.RogueSuspect : Cleaned.
C:\Program Files\Adware Away\unins000.exe -> Adware.RogueSuspect : Cleaned.
HKU\S-1-5-21-2428208264-495502070-3156657054-1007\Software\Bundles -> Adware.SecondThought : Cleaned.
C:\WINDOWS\SYSTEM32\gebyyxu.dll -> Adware.Virtumonde : Cleaned.
[180] C:\WINDOWS\system32\gebyyxu.dll -> Adware.Virtumonde : Cleaned.
[3032] C:\WINDOWS\system32\gebyyxu.dll -> Adware.Virtumonde : Cleaned.
[3148] C:\WINDOWS\system32\gebyyxu.dll -> Adware.Virtumonde : Cleaned.
[3356] C:\WINDOWS\system32\ssqpm.dll -> Adware.Virtumonde : Cleaned.
[3904] C:\WINDOWS\system32\ssqpm.dll -> Adware.Virtumonde : Cleaned.
[684] C:\WINDOWS\system32\gebyyxu.dll -> Adware.Virtumonde : Cleaned.
C:\Program Files\WebEx\ieatgpc.dll -> Adware.WebEx : Cleaned.
C:\Program Files\WebEx\ieatgpc.tmp/ieatgpc.dll -> Adware.WebEx : Cleaned.
C:\WINDOWS\SYSTEM32\WebRebates_Auto_InstallSilent.exe -> Adware.WebRebates : Cleaned.
C:\WINDOWS\SYSTEM32\T3\dlltk67.exe -> Adware.ZQuest : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP973\A0076608.exe -> Downloader.Agent.bls : Cleaned.
C:\WINDOWS\SYSTEM32\T6\dlwr.exe -> Downloader.Agent.brf : Cleaned.
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe -> Downloader.PurityScan.eg : Cleaned.
C:\WINDOWS\SYSTEM32\j5281737.dll -> Hijacker.Small.mw : Cleaned.
[1964] C:\WINDOWS\system32\j5281737.dll -> Hijacker.Small.mw : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP975\A0079669.sys -> Rootkit.Agent.eq : Cleaned.
C:\WINDOWS\SYSTEM32\aifjbeig.exe -> Trojan.Agent.anr : Cleaned.
C:\WINDOWS\SYSTEM32\xwobhkqb.exe -> Trojan.Agent.anr : Cleaned.
C:\Documents and Settings\Cathy Gennaro\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516a114b-4aee6dc6.zip/VaaaaaaaBaa.class -> Trojan.ClassLoader.f : Cleaned.
C:\Documents and Settings\Cathy Gennaro\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516a114b-4aee6dc6.zip/Dex.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Cathy Gennaro\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516a114b-4aee6dc6.zip/Dix.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Cathy Gennaro\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516a114b-4aee6dc6.zip/Dux.class -> Trojan.ClassLoader.g : Cleaned.
C:\WINDOWS\SYSTEM32\T1QaSQ\T1QaSQ1065.exe -> Trojan.VB.nhr : Cleaned.


::Report end

Edited by gomek, 09 June 2007 - 12:59 PM.


#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 09 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 gomek

gomek

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 09 June 2007 - 01:04 PM

As you can see by my log above, I ran AVG Anti-Spyware as this site recommended. That seemed to help a lot. We still get occasional 'about bank' pop-ups that seem to go away automatically, but the "WinVirusPro" pop-ups seem to have disappeared.

-Chris

#4 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 09 June 2007 - 03:11 PM

Hello,

* Download Combofix to your desktop.
Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored, so if you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#5 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 18 June 2007 - 05:11 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here.
This applies only to the original topic starter.

Everyone else please begin a New Topic.



