
Pop-ups with internet explorer even when not using it.

Discussion in 'Malware and Virus Removal Archive' started by wheresthedisco, 2008/01/27.

  1. 2008/02/06
    wheresthedisco Inactive Thread Starter
    THE FIRST HALF. It was too long to post.



     
  2. 2008/02/06
    wheresthedisco Inactive Thread Starter
    THE SECOND HALF.


     


  4. 2008/02/06
    Geri Inactive Alumni
    Hi wheresthedisco

    Please do these in the order given.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    VSToolbar

    Please note any other programs that you don't recognize in that list and post them in your next response.


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Make sure you do the Firefox instructions.


    Download OTMoveIt2 by OldTimer to your Desktop.
    • Double click OTMoveIt.exe to launch it.
    • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
    • Click the Move It button.
    • The list will be processed and the results will appear in the right hand pane.
    • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    • When finished click Exit to exit the programme.
    • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

    Now please post a new Panda scan.

    Thanks
    Geri
     
  5. 2008/02/08
    wheresthedisco Inactive Thread Starter
    VST toolbar wasn't in Add or Remove Programs.
    This is the Panda scan in two parts again.



     
  6. 2008/02/08
    wheresthedisco Inactive Thread Starter
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\Program Files\VSToolbar\VSToolBar.dll
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\ejushxlx.exe.bad
    Adware:Adware/SystemDoctor Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\eschekig.exe.bad
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\faetfips.exe.bad
    Adware:Adware/SecurityError Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\gkvhsncs.exe.bad
    Adware:Adware/SecurityError Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\iejrlnqi.exe.bad
    Adware:Adware/SystemDoctor Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\jkftilmg.exe.bad
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\koetivxd.exe.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\meordwjx.dll.bad
    Adware:Adware/WebSearch Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\ourfxlhb.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\pslmfdvv.dll.bad
    Adware:Adware/SecurityError Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\saucpvir.exe.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\srtjiyov.dll.bad
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\vkvbysbk.exe.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\vrtafjmg.dll.bad
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\VSAdd-in.dll.bad
    Adware:Adware/SecurityError Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\VundoFix Backups\vsmrsent.exe.bad
    Possible Virus. Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\WINDOWS\system32\ckjomcgv.dll
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\WINDOWS\system32\colpcwaq.exe
    Potentially unwanted tool:Application/WinAntispyware2006 Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\WINDOWS\system32\drivers\uwasfsd.sys
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\WINDOWS\system32\jyfabcrw.exe
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\WINDOWS\system32\mxeerdlj.exe
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\WINDOWS\system32\uahoerpv.dll
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\WINDOWS\system32\vaylonyd.exe
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\WINDOWS\system32\vgtnapwa.exe
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\WINDOWS\system32\wfsbnebw.exe
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\WINDOWS\system32\xrahwhpt.exe
    Possible Virus. Not disinfected C:\_OTMoveIt\MovedFiles\02072008_214731\WINDOWS\system32\ycegmgha.dll
     
  7. 2008/02/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi wheresthedisco
    Hi
    Did you run ATF Cleaner? Just wondering because it should have gotten rid of those cookies.


    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    Files::
    C:\WINDOWS\QTFont.qfn
    C:\WINDOWS\QTFont.for
    
    Registry::
    [-hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL]

    Please post the CF log and a new Panda scan.

    Thanks
    Geri
     
