
Same issue as post "89.149.227.195 Security Error"

Discussion in 'Virus & Other Malware Removal' started by Dowser, Mar 30, 2008.

Thread Status:
Not open for further replies.
  1. Dowser

    Dowser Thread Starter

    Joined:
    Mar 30, 2008
    Messages:
    2
    Hi Tech Support Guy.

    A couple of days ago a family computer was infected with the exact same problem as a post on your site (I found your site by Googling 89.149.227.195, the apparent source of the malware) ~ being

    "About an hour ago I started getting a system error when using IE. It states, "your computer was infected by an unknown trojan. It's dangerous for your system. (critical files can be lost).
    Click OK to download antivirus spyware program to clean your system! (Recommended)!

    What is the best way to remove this and make sure all is Ok.

    Thank you in advance."

    I followed the advice to the end of the thread - which appears to remain unresolved.
    Your last request was for a "Combofix log" ~ here is the log from my computer:

    ComboFix 08-03-30.2 - Andrew 2008-03-30 15:45:51.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1592 [GMT -4:00]
    Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\ContextTool
    C:\Program Files\ContextTool\ContextHelper.dat
    C:\Program Files\ContextTool\ContextTool-2.dll
    C:\Program Files\ContextTool\ContextTool-3.dll
    C:\Program Files\ContextTool\pcre3.dll
    C:\Program Files\ContextTool\uninstall.exe
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
    C:\Program Files\PlayMP3z
    C:\Program Files\PlayMP3z\PlayMP3.exe
    C:\Program Files\PlayMP3z\uninstall.exe
    C:\WINDOWS\system32\x64

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
    .

    2008-03-30 14:51 . 2008-03-30 14:51 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-27 18:25 . 2008-03-27 18:25 <DIR> d-------- C:\Program Files\Files-Secure
    2008-03-27 18:22 . 2008-03-27 18:22 49 --a------ C:\xmp.bat
    2008-03-27 17:34 . 2008-03-27 17:34 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
    2008-03-27 17:34 . 2008-03-27 17:34 <DIR> d-------- C:\Program Files\FBrowserAdvisor
    2008-03-27 17:34 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
    2008-03-24 21:15 . 2008-03-24 21:15 <DIR> d-------- C:\Documents and Settings\Elaine\Application Data\Apple Computer
    2008-03-24 21:13 . 2008-03-24 21:13 0 --a------ C:\WINDOWS\pcfriend.INI
    2008-03-24 21:12 . 2008-03-24 21:12 <DIR> d-------- C:\Program Files\PCFriendly
    2008-03-24 21:12 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
    2008-03-24 21:12 . 2000-06-22 05:46 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL
    2008-03-24 21:11 . 2008-03-24 21:11 <DIR> d-------- C:\Documents and Settings\Kathryn\WINDOWS
    2008-02-26 20:20 . 2008-02-27 20:19 <DIR> d-------- C:\Program Files\winvi

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-30 12:00 --------- d-----w C:\Documents and Settings\Kathryn\Application Data\AVG7
    2008-03-30 12:00 --------- d-----w C:\Documents and Settings\Friend\Application Data\AVG7
    2008-03-30 12:00 --------- d-----w C:\Documents and Settings\Andrew\Application Data\AVG7
    2008-03-29 18:06 --------- d-----w C:\Program Files\Google
    2008-03-29 18:05 --------- d-----w C:\Program Files\Java
    2008-03-25 01:15 --------- d-----w C:\Documents and Settings\Elaine\Application Data\AVG7
    2008-02-16 15:36 --------- d-----w C:\Program Files\LimeWire
    2008-02-01 00:21 --------- d-----w C:\Program Files\iTunes
    2008-02-01 00:21 --------- d-----w C:\Program Files\iPod
    2008-02-01 00:20 --------- d-----w C:\Program Files\QuickTime
    2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687A466A-D7CB-4FDF-965C-92462A82D7F0}]
    C:\WINDOWS\dsaip32b.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 18:48 98304]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 18:50 86016]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-21 18:47 81920]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 10:07 843776]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 15:44 196608]
    "Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 16:51 221184]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-24 00:06 579072]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-24 00:06 219136]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    NetScreen-Remote.lnk - C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe [2007-12-11 22:32:43 65588]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"=
    "C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe"= C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
    "C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe"= C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
    "C:\Program Files\Juniper\NetScreen-Remote\vpn.exe"= C:\Program Files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

    R2 ASFIPmon;Broadcom ASF IP Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
    R2 Crypto;Crypto;C:\WINDOWS\system32\drivers\Crypto.sys [2004-07-30 14:20]
    R2 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [2004-08-11 13:01]
    R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 17:26]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-20 15:39:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-30 15:46:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-30 15:47:29
    ComboFix-quarantined-files.txt 2008-03-30 19:47:27
    Pre-Run: 212,306,722,816 bytes free
    Post-Run: 212,295,311,360 bytes free
    .
    2008-03-15 12:21:22 --- E O F ---

    I don't know if the intermediate step of the Trend Micro HijackThis is needed, but here is the result.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:52:10 PM, on 30 Mar 08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070320
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/nationalpost/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070320
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
    O2 - BHO: Media Player Codec - {687A466A-D7CB-4FDF-965C-92462A82D7F0} - C:\WINDOWS\dsaip32b.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180193952828
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8ADF854E-0D38-407F-8551-92C471078AC0}: NameServer = 207.164.234.193 207.164.234.129
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe

    --
    End of file - 7643 bytes

    Lots of stuff here to sift through. Can you point me to the next step?

    Thanks Techguy
     
  2. Dowser

    Dowser Thread Starter

    Joined:
    Mar 30, 2008
    Messages:
    2
    Hi,

    I read a suggestion by Cookiegal with respect to another issue and ran Panda's ActiveScan with the following result:


    Incident Status Location


    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt

    Virus:Trj/Bancos.RQ Not disinfected C:\Documents and Settings\Andrew\Desktop\ComboFix.exe[327882R2FWJFW\pv.cfexe]
    Possible Virus. Not disinfected C:\Documents and Settings\Andrew\Desktop\extract temp\OemExts\ANG\Setup.exe
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Duncan\Cookies\[email protected][1].txt
    Spyware:Cookie/7search Not disinfected C:\Documents and Settings\Duncan\Cookies\[email protected][2].txt

    Possible Virus. Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\G12-tmpa1i.exe
    Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem12.tmp.exe
    Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem16.tmp.exe
    Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem1C.tmp.exe
    Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem20.tmp.exe
    Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem5.tmp.exe
    Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem9.tmp.exe
    Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\updD.tmp.exe
    Possible Virus. Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temporary Internet Files\Content.IE5\083Y7D0X\drv32[1].data
    Adware:Adware/FilesSecure Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temporary Internet Files\Content.IE5\083Y7D0X\setup2[1].exe
    Adware:Adware/FilesSecure Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temporary Internet Files\Content.IE5\HXH7ZONY\setup2[1].exe
    Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\My Documents\PLAY_MP3.exe
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Elaine\Cookies\[email protected][2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Elaine\Cookies\[email protected][2].txt

    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][2].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt

    Potentially unwanted tool:Application/FilesSecure Not disinfected C:\Program Files\Files-Secure\Uninstall.exe
    Possible Virus. Not disinfected C:\Program Files\Juniper\NetScreen-Remote\Setup\ANG\Setup.exe
    Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\Program Files\ContextTool\ContextTool-2.dll.vir
    Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\Program Files\ContextTool\ContextTool-3.dll.vir
    Potentially unwanted tool:Application/FunWeb Not disinfected C:\QooBox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir
    Potentially unwanted tool:Application/Playmp3z Not disinfected C:\QooBox\Quarantine\C\Program Files\PlayMP3z\PlayMP3.exe.vir




    I understand about the cookies. I deleted a lot of the spyware/cookie results from ActiveScan to get this post under the 30,000 limit. Is "Playmp3z" legit? Any suggestions?

    Thanks
     

Short URL to this thread: https://techguy.org/698666
