Thanks for all of your help. Here's the log from ActiveScan:
;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2009-07-02 22:17:17
PROTECTIONS: 1
MALWARE: 43
SUSPECTS: 0
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
AVG Anti-Virus Free 8.5 Yes Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@doubleclick[3].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@tribalfusion[4].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@mediaplex[1].txt
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@centrport[2].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@anm.co[2].txt
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@7search[1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@www.myaffiliatepr ogram[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@com[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@com[2].txt
00167670 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@seeq[1].txt
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@landing.domainspo nsor[1].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@tickle[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@statcounter[1].txt
00167790 Cookie/Qsrch TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@qsrch[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@ad.yieldmanager[4].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@ad.yieldmanager[3].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@apmebf[3].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@bs.serving-sys[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@ads.pointroll[1].txt
00170540 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@de.uol.com[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@realmedia[2].txt
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@uol.com[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@cgi-bin[5].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@bluestreak[2].txt
00173545 Cookie/Rn11 TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@rn11[2].txt
00187951 Cookie/seeqA TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@www.seeq[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@go[1].txt
00199981 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@www48.seeq[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@target[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@did-it[2].txt
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@cgi-bin[9].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@cgi-bin[3].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@cgi-bin[4].txt
00966839 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SWFView.dll
01255021 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP679\A0099426.dll
01255021 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETtetq vbql.dll.vir
01823570 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNEToaoy lyab.dll.vir
01823570 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP679\A0099425.dll
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP679\A0099462.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP679\A0099427.sys
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP679\A0099424.sys
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location t
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description t
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
#15
Bronze Member
Join Date: Jun 2009
Posts: 9 PC Experience: Some Experience

#16
Senior Security Analyst
Join Date: Jun 2006
Location: Singapore
Posts: 5,177 PC Experience: PC Guru
Hi pwogilvy,
I have been working on your case behind the scenes from the start, with Crush. He is now on vacation though, so I will take over.
Well, the good news is that your system should be free of any malware. Just one thing though... I see that you have Viewpoint installed. Viewpoint Media Player/Manager/Toolbar is considered foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". I suggest you remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
If you are having trouble removing Viewpoint, I suggest that you use ViewpointKiller. You may download it from this link. Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop. Run ViewpointKiller, and select File > Do All Killings. Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with.
A logfile will be created in the folder you unzipped ViewpointKiller to; please paste the contents here if you ran the tool.
Please post back whether or not you decided to remove ViewPoint. Thanks.
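One way to read a scan log like the ActiveScan output in this thread, as an added example that is not part of the original posts: it groups MALWARE rows by file location, so tracking cookies, copies under ComboFix's `C:\Qoobox\Quarantine` folder and System Restore (`_restore{...}`) snapshots are separated from files sitting in live paths. The bucket names and the `triage`/`bucket` helpers are assumptions of this example, not ActiveScan features.

```python
import re
from collections import Counter

# Rows copied from the ActiveScan MALWARE table posted in this thread.
SAMPLE_LOG = r"""
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mellisa\Cookies\mellisa@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Patrick\Cookies\patrick@atdmt[1].txt
00966839 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SWFView.dll
01255021 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP679\A0099426.dll
01823570 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNEToaoy lyab.dll.vir
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP679\A0099462.sys
"""

# Columns: Id, Description (may contain spaces), Type, Active, Severity,
# Disinfectable, Disinfected, Location (may contain spaces).
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>[A-Za-z]:\\.+)$"
)

def bucket(row):
    """Classify a finding by where the file sits, not by its detection name."""
    loc = row["location"].lower()
    if row["type"] == "TrackingCookie":
        return "tracking-cookie"      # privacy item, not executable code
    if "\\qoobox\\quarantine\\" in loc:
        return "quarantined"          # copy already moved aside by ComboFix
    if "\\system volume information\\_restore" in loc:
        return "restore-point"        # snapshot kept by System Restore
    return "live-file"                # file in a normal path: review first

def triage(log_text):
    """Parse MALWARE rows and attach a bucket to each; skip non-row lines."""
    rows = []
    for line in log_text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["bucket"] = bucket(row)
            rows.append(row)
    return rows

def summary(rows):
    return Counter(r["bucket"] for r in rows)

if __name__ == "__main__":
    rows = triage(SAMPLE_LOG)
    print(dict(summary(rows)))
    for r in rows:
        if r["bucket"] == "live-file":
            print("review:", r["desc"], "->", r["location"])
```
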

#17
Bronze Member
Join Date: Jun 2009
Posts: 9 PC Experience: Some Experience
Thanks for everything. You guys have been very helpful. Here's the logfile from the ViewpointKiller:
----------------------------------
ViewpointKiller Version 1.30 (beta)
The removal process was started on Sun Jul 05 09:14:33 2009
Preparing to remove Viewpoint Media Player...
Warning accepted, beginning removal process....
ViewpointKiller determined that "aim.exe" was not running.
ViewpointKiller determined that "aim6.exe" was not running.
ViewpointKiller determined that "aolsoftware.exe" was not running.
ViewpointKiller determined that "aol.exe" was not running.
ViewpointKiller determined that "MtsAxInstaller.exe" was not running.
Preparing to close the Viewpoint Manager Service if it is running...
Closing "Viewpoint Manager Service" failed, or the service is not running.
Searching for all known Viewpoint Media Player registry values and keys...
Found and removed: SOFTWARE\Viewpoint
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Found and removed: CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Found and removed: AxMetaStream.MetaStreamCtl
Found and removed: AxMetaStream.MetaStreamCtl.1
Found and removed: AxMetaStream.MetaStreamCtlSecondary
Found and removed: AxMetaStream.MetaStreamCtlSecondary.1
Found and removed: interface\{9dbb28cd-1925-11d3-a498-00104b6eb52e}
Finished searching for and removing all known Viewpoint Media Player registry values and keys.
Searching for all known Viewpoint Media Player files and folders...
Found and removed: C:\Documents and Settings\All Users\Application Data\Viewpoint
Finished searching for and removing all known Viewpoint Media Player files and folders.
Finished reporting.
----------------------------------
----------------------------------
ViewpointKiller Version 1.30 (beta)
The removal process was started on Sun Jul 05 09:14:47 2009
Preparing to remove Viewpoint Manager...
ViewpointKiller determined that "viewmgr.exe" was not running.
Searching for all known Viewpoint Manager registry values and keys...
Finished searching for and removing all known Viewpoint Manager registry values and keys.
Searching for all known Viewpoint Manager files and folders...
Finished searching for and removing all known Viewpoint Manager files and folders.
Finished reporting.
----------------------------------
----------------------------------
ViewpointKiller Version 1.30 (beta)
The removal process was started on Sun Jul 05 09:14:50 2009
Preparing to remove Viewpoint Toolbar...
ViewpointKiller determined that "FotomatDeviceConnect.exe" was not running.
ViewpointKiller was able to close "iexplore.exe" successfully.
Searming for all known Viewpoint Toolbar registry values and keys...
Finished searching for and removing all known Viewpoint Toolbar registry values and keys.
Searching for all known Viewpoint Toolbar files and folders...
Finished searching for and removing all known Viewpoint Toolbar files and folders.
Finished reporting.
----------------------------------

#18
Senior Security Analyst
Join Date: Jun 2006
Location: Singapore
Posts: 5,177 PC Experience: PC Guru
Java is outdated on your PC.
Please download JavaRa to your desktop and unzip it to its own folder
==========================================================
It's time to remove ComboFix.
Go to Start > Run
Type in box combofix /u
Note: the space between the X and the /u
Press Enter.
This command will:
Delete the following:
    ComboFix and its associated files and folders.
    VundoFix backups, if present
    The C:\Deckard folder, if present
    The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.
Let me know how your PC is running now.

#19
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112 PC Experience: Always Learning New Things
Hello,
I'm just following up. Do you still require assistance in removing your malware? Or can we put this one to bed?
If you are still in need of assistance please follow the procedure located at the top of the forum.
Regards,
Crush
PCHF Security Team Leader
__________________
Crush aka Chris
I am in fact, quite cool. My graphing calculator confirms this