Same issue as post "89.149.227.195 Security Error"

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Dowser

Thread Starter
Joined
Mar 30, 2008
Messages
2
Hi Tech Support Guy.

A couple of days ago a family computer was infected with the exact same problem as a post on your site (I found your site by Googling 89.149.227.195 the apparent source of the malware) ~ being

"About an hour ago I started getting a system error when using IE. It states, "your computer was infected by an unknown trojan. It's dangerous for your system. (critical files can be lost).
Click OK to download antivirus spyware program to clean your system! (Recommended)!

What is the best way to remove this and make sure all is Ok.

Thank you in advance."

I followed the advice to the end of the thread - which appears to remain unresolved.
Your last request was for a "Combofix log" ~ here is the log from my computer:

ComboFix 08-03-30.2 - Andrew 2008-03-30 15:45:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1592 [GMT -4:00]
Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\Program Files\ContextTool\ContextTool-2.dll
C:\Program Files\ContextTool\ContextTool-3.dll
C:\Program Files\ContextTool\pcre3.dll
C:\Program Files\ContextTool\uninstall.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\PlayMP3.exe
C:\Program Files\PlayMP3z\uninstall.exe
C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.

2008-03-30 14:51 . 2008-03-30 14:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-27 18:25 . 2008-03-27 18:25 <DIR> d-------- C:\Program Files\Files-Secure
2008-03-27 18:22 . 2008-03-27 18:22 49 --a------ C:\xmp.bat
2008-03-27 17:34 . 2008-03-27 17:34 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-03-27 17:34 . 2008-03-27 17:34 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-03-27 17:34 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-03-24 21:15 . 2008-03-24 21:15 <DIR> d-------- C:\Documents and Settings\Elaine\Application Data\Apple Computer
2008-03-24 21:13 . 2008-03-24 21:13 0 --a------ C:\WINDOWS\pcfriend.INI
2008-03-24 21:12 . 2008-03-24 21:12 <DIR> d-------- C:\Program Files\PCFriendly
2008-03-24 21:12 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-03-24 21:12 . 2000-06-22 05:46 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL
2008-03-24 21:11 . 2008-03-24 21:11 <DIR> d-------- C:\Documents and Settings\Kathryn\WINDOWS
2008-02-26 20:20 . 2008-02-27 20:19 <DIR> d-------- C:\Program Files\winvi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 12:00 --------- d-----w C:\Documents and Settings\Kathryn\Application Data\AVG7
2008-03-30 12:00 --------- d-----w C:\Documents and Settings\Friend\Application Data\AVG7
2008-03-30 12:00 --------- d-----w C:\Documents and Settings\Andrew\Application Data\AVG7
2008-03-29 18:06 --------- d-----w C:\Program Files\Google
2008-03-29 18:05 --------- d-----w C:\Program Files\Java
2008-03-25 01:15 --------- d-----w C:\Documents and Settings\Elaine\Application Data\AVG7
2008-02-16 15:36 --------- d-----w C:\Program Files\LimeWire
2008-02-01 00:21 --------- d-----w C:\Program Files\iTunes
2008-02-01 00:21 --------- d-----w C:\Program Files\iPod
2008-02-01 00:20 --------- d-----w C:\Program Files\QuickTime
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687A466A-D7CB-4FDF-965C-92462A82D7F0}]
C:\WINDOWS\dsaip32b.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 18:48 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 18:50 86016]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-21 18:47 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 10:07 843776]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 15:44 196608]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 16:51 221184]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-24 00:06 579072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-24 00:06 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NetScreen-Remote.lnk - C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe [2007-12-11 22:32:43 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"=
"C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe"= C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe"= C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"C:\Program Files\Juniper\NetScreen-Remote\vpn.exe"= C:\Program Files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

R2 ASFIPmon;Broadcom ASF IP Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 Crypto;Crypto;C:\WINDOWS\system32\drivers\Crypto.sys [2004-07-30 14:20]
R2 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [2004-08-11 13:01]
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 17:26]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 15:39:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 15:46:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-30 15:47:29
ComboFix-quarantined-files.txt 2008-03-30 19:47:27
Pre-Run: 212,306,722,816 bytes free
Post-Run: 212,295,311,360 bytes free
.
2008-03-15 12:21:22 --- E O F ---

I don't know if the intermediate step of the Trend Micro HijackThis is needed, but here is the result.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:10 PM, on 30 Mar 08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070320
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/nationalpost/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070320
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: Media Player Codec - {687A466A-D7CB-4FDF-965C-92462A82D7F0} - C:\WINDOWS\dsaip32b.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180193952828
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ADF854E-0D38-407F-8551-92C471078AC0}: NameServer = 207.164.234.193 207.164.234.129
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe

--
End of file - 7643 bytes

Lots of stuff here to sift through. Can you point me to the next step?

Thanks Techguy
 

Dowser

Thread Starter
Joined
Mar 30, 2008
Messages
2
Hi,

I read a suggestion by Cookiegal with respect to another issue and ran Panda's Active scan with the following result:


Incident Status Location


Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt

Virus:Trj/Bancos.RQ Not disinfected C:\Documents and Settings\Andrew\Desktop\ComboFix.exe[327882R2FWJFW\pv.cfexe]
Possible Virus. Not disinfected C:\Documents and Settings\Andrew\Desktop\extract temp\OemExts\ANG\Setup.exe
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Duncan\Cookies\[email protected][1].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\Duncan\Cookies\[email protected][2].txt

Possible Virus. Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\G12-tmpa1i.exe
Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem12.tmp.exe
Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem16.tmp.exe
Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem1C.tmp.exe
Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem20.tmp.exe
Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem5.tmp.exe
Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\tem9.tmp.exe
Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temp\updD.tmp.exe
Possible Virus. Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temporary Internet Files\Content.IE5\083Y7D0X\drv32[1].data
Adware:Adware/FilesSecure Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temporary Internet Files\Content.IE5\083Y7D0X\setup2[1].exe
Adware:Adware/FilesSecure Not disinfected C:\Documents and Settings\Duncan\Local Settings\Temporary Internet Files\Content.IE5\HXH7ZONY\setup2[1].exe
Potentially unwanted tool:Application/Playmp3z Not disinfected C:\Documents and Settings\Duncan\My Documents\PLAY_MP3.exe
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Elaine\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Elaine\Cookies\[email protected][2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt

Potentially unwanted tool:Application/FilesSecure Not disinfected C:\Program Files\Files-Secure\Uninstall.exe
Possible Virus. Not disinfected C:\Program Files\Juniper\NetScreen-Remote\Setup\ANG\Setup.exe
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\Program Files\ContextTool\ContextTool-2.dll.vir
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\Program Files\ContextTool\ContextTool-3.dll.vir
Potentially unwanted tool:Application/FunWeb Not disinfected C:\QooBox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir
Potentially unwanted tool:Application/Playmp3z Not disinfected C:\QooBox\Quarantine\C\Program Files\PlayMP3z\PlayMP3.exe.vir




I understand about the cookies. I deleted a lot of the spyware/cookie results from Active scan to get this post under the 30,000 limit. Is "Playmp3z" legit? Any suggestions?

Thanks
 