
Author Topic: Computer virus/malware  (Read 4288 times)

earmic

    Topic Starter


    Beginner

    Computer virus/malware
    « on: April 06, 2009, 03:05:56 PM »
    I have done the initial tasks of running HJthis and SASware as needed in the before you start post.  The CCleaner would not run.  I need help disinfecting this thing please.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:17:10 AM, on 4/4/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\McAfee\Common Framework\FrameworkService.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\McAfee\Common Framework\udaterui.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    D:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    D:\Program Files\McAfee\Common Framework\McTray.exe
    D:\WINDOWS\system32\msiexec.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmc.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [HPLJ Config] D:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1320 PCL 6" -n 1 -l 1033 -sl 120000
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Documents and Settings\engineering\My Documents\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - Startup: OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - D:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - D:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 4398 bytes



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/04/2009 at 07:39 PM

    Application Version : 4.26.1000

    Core Rules Database Version : 3816
    Trace Rules Database Version: 1770

    Scan type       : Complete Scan
    Total Scan Time : 02:02:37

    Memory items scanned      : 425
    Memory threats detected   : 0
    Registry items scanned    : 3552
    Registry threats detected : 46
    File items scanned        : 116527
    File threats detected     : 247

    Adware.HotBar/ShopperReports (Low Risk)
       HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

    Adware.Zango/ShoppingReport
       HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
       HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
       HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}
       HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0
       HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0
       HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32
       HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\FLAGS
       HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR
       HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}
       HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0
       HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0
       HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32
       HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\FLAGS
       HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR
       HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
       HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid
       HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32
       HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib
       HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib#Version
       HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
       HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid
       HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32
       HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib
       HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib#Version
       HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}
       HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid
       HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid32
       HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib
       HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib#Version
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#Default Visible
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#ButtonText
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#HotIcon
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#Icon
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#CLSID
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#ClsidExtension
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Default Visible
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ButtonText
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#HotIcon
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Icon
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#CLSID
       HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ClsidExtension
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\Config.xml
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\db\Aliases.dbs
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\db\Sites.dbs
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\db
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\dwld
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\report\aggr_storage.xml
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\report\send_storage.xml
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\report
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\res2
       D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs
       D:\Documents and Settings\engineering\Application Data\ShoppingReport

    Adware.Tracking Cookie

    Malware.SpyShredder
       HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\SpyShredder
       HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run#SpyShredder [ C:\Program Files\SpyShredder\SpyShredder.exe ]
       D:\Documents and Settings\engineering\Start Menu\Programs\SpyShredder\SpyShredder.lnk
       D:\Documents and Settings\engineering\Start Menu\Programs\SpyShredder\Uninstall.lnk
       D:\Documents and Settings\engineering\Start Menu\Programs\SpyShredder

    Trojan.WinAntiSpyware/WinAntiVirus 2006
       D:\DOCUMENTS AND SETTINGS\ENGINEERING\LOCAL SETTINGS\TEMP\NI.UWAS6_0001_N85M1306\SETUP.EXE
       D:\DOCUMENTS AND SETTINGS\ENGINEERING\LOCAL SETTINGS\TEMP\WINANTISPYWARE2006SETUP.EXE

    harry 48



      Egghead

    • lay back , relax and chill out
    • Thanked: 129
      • Yes
      • Yes
      • Yes
      • Dribbling Pensioner
    • Certifications: List
    • Experience: Familiar
    • OS: Windows 7
    Re: Computer virus/malware
    « Reply #1 on: April 06, 2009, 04:12:42 PM »
    http://www.filehippo.com/download_ccleaner/


    http://download.cnet.com/ccleaner/

    Try one of the above for CCleaner and post the log, harry

    earmic


      Re: Computer virus/malware
      « Reply #2 on: April 07, 2009, 02:41:26 PM »
      I tried it from the sites, I can install it but can't get it to run.

      harry 48



      Re: Computer virus/malware
      « Reply #3 on: April 07, 2009, 02:51:55 PM »

      earmic


        Re: Computer virus/malware
        « Reply #4 on: April 07, 2009, 07:06:03 PM »
        After I ran and cleaned, this is what I get for a log:

        CLEANING COMPLETE - (5.712 secs)
        ------------------------------------------------------------------------------------------
        4.71MB removed.
        Secure file deletion enabled - NSA (7 passes)
        ------------------------------------------------------------------------------------------

        Details of files deleted
        ------------------------------------------------------------------------------------------
        D:\Documents and Settings\engineering\Local Settings\Temporary Internet Files\Content.IE5\M5OBEXUT\CAI3OXI3.gif 43 bytes
        Marked for deletion: D:\Documents and Settings\engineering\Local Settings\History\History.IE5\MSHist012009040720090408\index.dat
        D:\Documents and Settings\engineering\Recent\engineering.lnk 477 bytes
        D:\Documents and Settings\engineering\Recent\ErrorLogStore.txt.lnk 693 bytes
        Emptied Recycle Bin (4 files) 4.71MB

        harry 48



        Re: Computer virus/malware
        « Reply #5 on: April 08, 2009, 01:05:16 PM »
        I think if you run sas, malware and ccleaner again you will find that a lot of the engineering cookies etc. are gone, and then run hijack and post the logs in a new post.

        I'm not an expert, just helping. How is the PC going now? harry

        earmic


          Re: Computer virus/malware
          « Reply #6 on: April 08, 2009, 05:10:01 PM »
          I've run these several times and it is helping.  Doing it again then I'll repost the logs.

          harry 48



          Re: Computer virus/malware
          « Reply #7 on: April 08, 2009, 05:14:37 PM »
          Did you get my PM? harry

          earmic


            Re: Computer virus/malware
            « Reply #8 on: April 08, 2009, 05:20:23 PM »
            What's a PM?

            BC_Programmer


              Mastermind
            • Typing is no substitute for thinking.
            • Thanked: 1140
              • Yes
              • Yes
              • BC-Programming.com
            • Certifications: List
            • Computer: Specs
            • Experience: Beginner
            • OS: Windows 11
            Re: Computer virus/malware
            « Reply #9 on: April 08, 2009, 05:28:02 PM »
            Private message. You can find a link to view your private messages near the top of any forum page after logging in. It will say "Hey earmic, you have # messages, # is new".

            Click the link there to view your private messages.
            I was trying to dereference Null Pointers before it was cool.