
Did I do something wrong to remove Trojan horse Dropper.Generic.DZD

Discussion in 'Virus & Other Malware Removal' started by ranger296, Mar 20, 2007.

  1. ranger296

    ranger296 Thread Starter

    Joined:
    Mar 17, 2007
    Messages:
    72
    Since I just searched the threads for a quick solution. And the thread was in system volume etc. and so was my bro. So I just chose the answer someone gave and disabled System Restore and re-enabled it. Is it clean? Here's the HijackThis log. P.S. I won't respond till tomorrow around 4:00 pm. P.P.S. Well, I might be able to respond tonight, just maybe.



    Logfile of HijackThis v1.99.1
    Scan saved at 10:43:12 PM, on 3/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Morpheus\Morpheus.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Giganology\Gigaget\Gigaget.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
     
  3. ranger296

    ranger296 Thread Starter

    bump ><
     
  4. ranger296

    ranger296 Thread Starter

    Plz respond, it's been like 2 days
     
  5. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Are you trying to say that something was found by an antivirus or other scan, and it was in your System Restore area?

    If so, yes, turning off Restore, then turning it back on, and creating the first new Restore Point, is the way to remove any infected files from System Restore.

    Just a note: since you or someone is using at least 3 filesharing programs, it is no wonder you found something infected - this is a leading source of bad files.

    Morpheus
    Ares
    BearShare?

    Your log also indicates you had the RXToolbar, shows "file Missing" so apparently it was removed, probably by AVG Antispyware.
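
Added example, not part of the original thread and not a tool either poster used: a small Python triage of HijackThis entries that does what the reply above does by eye, flagging "(file missing)" leftovers, other entries that still point at the same file, and names from a watchlist. The function names and the watchlist (taken from the programs named in the reply) are assumptions; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Morpheus\Morpheus.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A numbered entry is "<section code> - <detail>". Header lines and the
# "Running processes" list carry no section code and are skipped.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")

# First drive-letter path that ends in a 2-4 character extension followed by a
# quote, whitespace or end of line. Good enough for these logs; a folder name
# containing ".xyz " would cut the path short.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"=]+?\.[A-Za-z0-9]{2,4})(?=["\s]|$)')

MISSING_TAG = "(file missing)"

# Assumption: watchlist built from the programs named in the reply above.
# The lookbehind stops "ares" from matching inside longer words.
WATCH_RE = re.compile(r"(?<![a-z])(morpheus|ares|bearshare|rxtoolbar)", re.IGNORECASE)


def parse(log_text):
    """Return one dict per numbered HijackThis entry."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw)
        if not match:
            continue
        code, detail = match.groups()
        path = PATH_RE.search(detail)
        entries.append({
            "code": code,
            "detail": detail,
            "path": path.group(1).lower() if path else None,
            "missing": detail.endswith(MISSING_TAG),
        })
    return entries


def triage(log_text):
    """Group entries into findings a helper would want to look at first."""
    entries = parse(log_text)
    # Files HijackThis itself reported as gone.
    missing_paths = {e["path"] for e in entries if e["missing"] and e["path"]}
    findings = defaultdict(list)
    for e in entries:
        if e["missing"]:
            # Registry entry survives, target file does not.
            findings["orphaned"].append(e)
        elif e["path"] in missing_paths:
            # Not tagged as missing, but references a file another entry says is gone.
            findings["same_target_as_orphan"].append(e)
        hit = WATCH_RE.search(e["detail"])
        if hit:
            findings["watchlist:" + hit.group(1).lower()].append(e)
    return dict(findings)


if __name__ == "__main__":
    for label, items in sorted(triage(SAMPLE_LOG).items()):
        print(label)
        for e in items:
            print("   %-3s %s" % (e["code"], e["detail"]))
```

On the sample, the O18 text/html filter is reported alongside the orphaned RXToolBar BHO because both name `sfcont.dll`, even though only the BHO line carries the "(file missing)" tag.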
     
  6. ranger296

    ranger296 Thread Starter

    lol thx, no clue what's BearShare, and my cousin downloaded Ares. My bro only uses Morpheus lol, and also yes, AVG found Trojan horse Dropper.Generic.DZD
     
  7. Byteman

    Byteman Gone but Never Forgotten

    Hi, Try this online scan, it will give us a good look to see if anything bad is on the computer:

    If the Panda one will not work do second one...the important thing is to Save the results, or report from the scan and post it.

    HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Or this one: Kaspersky
    • Please go HERE and click Kaspersky Online Scanner
    • Read and Accept the Agreement
    • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • If you see a Windows dialog asking if you want to install this software, click the Install button.
    • The program will launch and then begin downloading the latest definition files.
    • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
    • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
    • Under "Please select a target to scan:", click My Computer to start the scan.
    • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
    • Copy and Paste the contents of the on line scanner results into a Reply here in your thread, along with a new HJT log and log from any other scans you run.
     
  8. ranger296

    ranger296 Thread Starter

    Sry for being so late, this is the 1st part since it's so long
    Incident Status Location

    Potentially unwanted tool:Application/Service9x Not disinfected C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MorpheusBar\bar\2.bin\M0POPSWT.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MorpheusBar\bar\2.bin\m0Plugin.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMorpBr.dll
    Potentially unwanted tool:application/altnet Not disinfected c:\windows\smdat32a.sys
    Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
    Adware:adware/instafinder Not disinfected c:\program files\INSTAFINK
    Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    Adware:adware/rxtoolbar Not disinfected Windows Registry
    Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.mysearch.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.azjmp.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.linksynergy.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.com.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.as1.falkag.de/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[www.burstbeacon.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.go.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.ehg-dig.hitbox.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.ads.addynamix.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.fortunecity.com/]
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.bfast.com/]
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[.bravenet.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[server.iad.liveperson.net/hc/33832842]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Wang family\Application Data\Mozilla\Firefox\Profiles\hhl0hyyc.default\cookies.txt[server.iad.liveperson.net/hc/33832842]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Wang family\Cookies\wang [email protected][1].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
     
  9. ranger296

    ranger296 Thread Starter

    2nd part
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][6].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][3].txt
    Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Wang family\Cookies\[email protected][1].txt
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\Wang family\Local Settings\Temp\asmfiles.cab
    Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\Wang family\Local Settings\Temp\MediaBar.exe
    Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\Wang family\Local Settings\Temp\p2psetup.exe
    Potentially unwanted tool:Application/Service9x Not disinfected C:\i386\dlcctime.dll
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\adm25.dll
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\adm4.dll
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\adm4005.exe
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\admdata.dll
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\admdloader.dll
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\admfdi.dll
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\admprog.dll
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\altnetuninstall.exe
    Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Program Files\Altnet\Download Manager\asm.exe
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\asmend.exe
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\asmps.dll
    Adware:Adware/InstaFinder Not disinfected C:\Program Files\INSTAFINK\instafink.dll
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MorpheusBar\bar\2.bin\NPMORPBR.DLL
    Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
    Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx
    Potentially unwanted tool:Application/Service9x Not disinfected C:\WINDOWS\system32\spool\drivers\w32x86\dell_photo_aio_printae86\dlcctime.dll
    Spyware:Cookie/Mysearch Not disinfected C:\WINDOWS\Temp\Cookies\[email protected][1].txt
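The scan log posted above puts one detection per line in the shape `<class>:<family> <status> <path>`. As an added example (not part of the thread and not any scanner's own tooling), this parser groups the detections still marked "Not disinfected" by where they sit on disk, which separates installed programs that need uninstalling from temp leftovers; the `Disinfected` status and the location buckets are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Line shape seen in the posted log: "<class>:<family> <status> <path>".
# Only "Not disinfected" appears on the page; "Disinfected" is an assumed
# second status so that cleaned entries can be skipped.
LINE_RE = re.compile(
    r"^\s*(?P<cls>[^:]+):(?P<family>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)

# Sample input: five lines copied from the log in the post above.
SAMPLE = r"""
Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\Wang family\Local Settings\Temp\asmfiles.cab
Potentially unwanted tool:Application/Service9x Not disinfected C:\i386\dlcctime.dll
Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\adm25.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Program Files\Altnet\Download Manager\asm.exe
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx
"""

def location_kind(path):
    """Bucket a path by the kind of cleanup it usually implies (assumed buckets)."""
    p = path.lower()
    if "\\cookies\\" in p:              # checked first: cookie caches can live under Temp
        return "cookie"
    if "\\temp\\" in p:
        return "temp"
    if p.startswith("c:\\program files\\"):
        return "installed program"
    if p.startswith("c:\\windows\\"):
        return "windows directory"
    return "other"

def triage(log_text):
    """Return {location kind: {family: [paths]}} for entries still present."""
    remaining = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "Not disinfected":
            continue                    # header, blank line, or already cleaned
        remaining[location_kind(m["path"])][m["family"]].append(m["path"])
    return {kind: dict(families) for kind, families in remaining.items()}

if __name__ == "__main__":
    for kind, families in sorted(triage(SAMPLE).items()):
        for family, paths in sorted(families.items()):
            print(f"{kind:18} {family:30} {len(paths)} file(s)")
```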
     
  10. ranger296

    ranger296 Thread Starter

    Joined:
    Mar 17, 2007
    Messages:
    72
    bump again
     
  11. ranger296

    ranger296 Thread Starter

    Joined:
    Mar 17, 2007
    Messages:
    72
  12. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, AVG Antispyware should find a lot of what is on there....follow these steps and run a full scan exactly as I have below:

    • You need to save these directions either to a Notepad text file, save to your desktop, I suggest as a filename, use steps.txt. Or, print this out.
      Please note that the actual scan will be run in Safe Mode, directions below
    • Start AVG Antispyware.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
    (When the progress lines stop, usually pressing "Start Update" will just
    change back - it's done if you don't get any further Updating activity.)

    ______________________________


    • 1. On the main window, click on the "Scanner" button and choose the "Settings" tab.
      • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
      • Under "How to Scan?" check all (default).
      • Under "Possibly unwanted software" check all (default).
      • Under "What to Scan?" make sure "Scan every file" is selected (default).
      • Under "Reports" select "Automatically generate report after every scan" and
        UNcheck "Only if threats were found".
      • 2. Click the "Scan" tab to return to scanning options. You don't scan just yet!
      • 3. If you were scanning now, you would Click "Complete System Scan" to start.
      • 4. When the scan finished you'd be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
      HOW TO SCAN - Please note the scan is done in Safe Mode - read on
    • If the computer is running, shut down Windows, and then turn off the power.
    • Reboot your computer TO Safe Mode. Here's how:
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    • Launch AVG Antispyware
    • Click "Complete System Scan" to start.

    IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button!
    • 5. Click on "Save Report" to view all completed scans.
    • Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20072020-142816.txt.
    • Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    • 6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
     
Short URL to this thread: https://techguy.org/553395