Jump to content


Photo
- - - - -

Annoying Tracking Cookies


  • This topic is locked This topic is locked
1 reply to this topic

#1 kate

kate

    New Member

  • Members
  • Pip
  • 1 posts

Posted 01 January 2009 - 07:34 AM

Hi!

I have use AVG Free 8.0, Malwarebytes and Spybot to scan my laptop. i could not get rid of about 40 infected traking cookies such as Zedo, Yieldmanager,atmdt,fastclick, revsci, 207, serving-sys, tribal fushion. i tried to use 'Run' and type in the file location to delete the files. However, some files would reappear after a while and some files could not be located. what should i do to get rid of the tracking cookies? please help >.<

AVG free 8.0:

Scan "Scan whole computer" was finished.
Infections found:;"0"
Infected objects removed or healed:;"0"
Not removed or healed:;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"40"
Information count:;"0"
Scan started:;"Thursday, 1 January, 2009, 10:37:05 AM"
Scan finished:;"Thursday, 1 January, 2009, 11:25:12 AM (48 minute(s) 6 second(s))"
Total object scanned:;"1002478"
User who launched the scan:;"Owner"

Warnings
File;"Infection";"Result"
C:\Users\Owner\AppData\Local\Temp\Cookies\owner@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\Owner\AppData\Local\Temp\Cookies\owner@atdmt[2].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\Owner\AppData\Local\Temp\Cookies\owner@mediaplex[1].txt;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Users\Owner\AppData\Local\Temp\Cookies\owner@mediaplex[1].txt:\mediaplex.com.f652b123;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Users\Owner\AppData\Local\Temp\Low\Cookies\owner@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\Owner\AppData\Local\Temp\Low\Cookies\owner@atdmt[2].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.yieldmanager[1].txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.830b6f08;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.e762f029;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@atdmt[2].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@bs.serving-sys[2].txt;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@doubleclick[1].txt;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@doubleclick[1].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@fastclick[2].txt;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@fastclick[2].txt:\fastclick.net.57e8da10;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@fastclick[2].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@fastclick[2].txt:\fastclick.net.fac3d6f0;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@msnportal.112.2o7[1].txt;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@revsci[1].txt;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@revsci[1].txt:\revsci.net.2df99d79;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@revsci[1].txt:\revsci.net.44927ec;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@revsci[1].txt:\revsci.net.55564293;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@revsci[1].txt:\revsci.net.e9dbeb91;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@serving-sys[1].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@serving-sys[1].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@serving-sys[1].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@serving-sys[1].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@serving-sys[1].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@serving-sys[1].txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@tribalfusion[1].txt;"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@tribalfusion[1].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:06 PM, on 1/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Mags Book] "C:\ProgramData\Ante site site.35scgce"
O4 - HKCU\..\Run: [bone thunk axis copy] "C:\ProgramData\Byte bat mess.v3u6eb"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Virtual%20Farm/Images/stg_drm.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.3.5.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Virtual%20Farm/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11058 bytes

#2 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 40,981 posts
  • Gender:Male
  • Location:US

Posted 04 January 2009 - 04:17 AM

Your version of Adobe Acrobat Reader appears to be invalid and should probably be reinstalled with the latest version.
You also need to update you Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
You can install a new version of Java once the system is cleaned up.

Start HJT and place a check mark on the following items
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENMY/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [Mags Book] "C:\ProgramData\Ante site site.35scgce"
O4 - HKCU\..\Run: [bone thunk axis copy] "C:\ProgramData\Byte bat mess.v3u6eb"
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Virtual%20Farm/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Virtual%20Farm/Images/armhelper.ocx


Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

The RESTART the computer again and AFTER the restart run HJT Scan and Save log and post back all NEW logs.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users