Look2Me variant


  • This topic is locked
6 replies to this topic

#1 amodies

  • New Member
  • 3 posts

Posted 04 November 2005 - 07:47 PM

Here is my log file. I appreciate the help! Thanks all!

Logfile of HijackThis v1.99.1
Scan saved at 8:47:03 PM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\amodies\Desktop\Antivirus\HijackThis.exe

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Rocket.Time.lnk = C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\p6r40g9qe6.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • 3,879 posts
  • Interests: Computers, fishing, biking, basketball, travel

Posted 07 November 2005 - 05:02 PM

Hello and welcome to TomCoyote forum. If you still need help, please follow these directions.

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, <<< very important, and then please copy and paste the SpySweeper log along with a new HJT log into this thread. Let me know how you are running now.

Thanks...pskelley
TomCoyote forum
Expert Member
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#3 amodies

Posted 07 November 2005 - 05:47 PM

First of all thanks for all of your help already! Hmmm that actually may have worked. I tried just about everything else to take care of the problem except Spy Sweeper. I'll attach the logs anyways though maybe I'm missing something....

Logfile of HijackThis v1.99.1
Scan saved at 6:45:44 PM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\amodies\Desktop\Antivirus\HijackThis.exe

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Rocket.Time.lnk = C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



********
6:27 PM: | Start of Session, Monday, November 07, 2005 |
6:27 PM: Spy Sweeper started
6:27 PM: Sweep initiated using definitions version 569
6:27 PM: Starting Memory Sweep
6:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:28 PM: Found Adware: icannnews
6:28 PM: Detected running threat: C:\WINDOWS\system32\mhw3prt.dll (ID = 83)
6:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:28 PM: Detected running threat: C:\WINDOWS\system32\l0n40a5qed.dll (ID = 83)
6:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:29 PM: Memory Sweep Complete, Elapsed Time: 00:02:05
6:29 PM: Starting Registry Sweep
6:29 PM: Registry Sweep Complete, Elapsed Time:00:00:09
6:29 PM: Starting Cookie Sweep
6:30 PM: Found Spy Cookie: adecn cookie
6:30 PM: amodies@adecn[1].txt (ID = 2063)
6:30 PM: Found Spy Cookie: hbmediapro cookie
6:30 PM: amodies@adopt.hbmediapro[2].txt (ID = 2768)
6:30 PM: Found Spy Cookie: cc214142 cookie
6:30 PM: amodies@ads.cc214142[2].txt (ID = 2367)
6:30 PM: Found Spy Cookie: adultfriendfinder cookie
6:30 PM: amodies@adultfriendfinder[2].txt (ID = 2165)
6:30 PM: Found Spy Cookie: askmen cookie
6:30 PM: amodies@askmen[1].txt (ID = 2247)
6:30 PM: Found Spy Cookie: ask cookie
6:30 PM: amodies@ask[1].txt (ID = 2245)
6:30 PM: Found Spy Cookie: belnk cookie
6:30 PM: amodies@ath.belnk[1].txt (ID = 2293)
6:30 PM: Found Spy Cookie: banner cookie
6:30 PM: amodies@banner[1].txt (ID = 2276)
6:30 PM: Found Spy Cookie: 2o7.net cookie
6:30 PM: amodies@buycom.122.2o7[2].txt (ID = 1958)
6:30 PM: Found Spy Cookie: enhance cookie
6:30 PM: amodies@c.enhance[1].txt (ID = 2614)
6:30 PM: amodies@cbs.112.2o7[1].txt (ID = 1958)
6:30 PM: Found Spy Cookie: cnt cookie
6:30 PM: amodies@cnt[1].txt (ID = 2422)
6:30 PM: Found Spy Cookie: 360i cookie
6:30 PM: amodies@ct.360i[2].txt (ID = 1962)
6:30 PM: Found Spy Cookie: clickzs cookie
6:30 PM: amodies@cz3.clickzs[2].txt (ID = 2413)
6:30 PM: Found Spy Cookie: wtlive.com cookie
6:30 PM: amodies@dcstest.wtlive[1].txt (ID = 3700)
6:30 PM: amodies@dist.belnk[2].txt (ID = 2293)
6:30 PM: Found Spy Cookie: go.com cookie
6:30 PM: amodies@espn.go[2].txt (ID = 2729)
6:30 PM: Found Spy Cookie: about cookie
6:30 PM: amodies@familycrafts.about[2].txt (ID = 2038)
6:30 PM: amodies@go[1].txt (ID = 2728)
6:30 PM: Found Spy Cookie: screensavers.com cookie
6:30 PM: amodies@i.screensavers[1].txt (ID = 3298)
6:30 PM: Found Spy Cookie: ic-live cookie
6:30 PM: amodies@ic-live[1].txt (ID = 2821)
6:30 PM: Found Spy Cookie: infospace cookie
6:30 PM: amodies@infospace[2].txt (ID = 2865)
6:30 PM: amodies@insider.espn.go[1].txt (ID = 2729)
6:30 PM: Found Spy Cookie: kmpads cookie
6:30 PM: amodies@kmpads[2].txt (ID = 2909)
6:30 PM: amodies@msnportal.112.2o7[1].txt (ID = 1958)
6:30 PM: Found Spy Cookie: nextag cookie
6:30 PM: amodies@nextag[2].txt (ID = 5014)
6:30 PM: Found Spy Cookie: partypoker cookie
6:30 PM: amodies@partypoker[2].txt (ID = 3111)
6:30 PM: amodies@proxy.espn.go[1].txt (ID = 2729)
6:30 PM: Found Spy Cookie: reunion cookie
6:30 PM: amodies@reunion[2].txt (ID = 3255)
6:30 PM: Found Spy Cookie: rn11 cookie
6:30 PM: amodies@rn11[2].txt (ID = 3261)
6:30 PM: Found Spy Cookie: adjuggler cookie
6:30 PM: amodies@rotator.adjuggler[2].txt (ID = 2071)
6:30 PM: amodies@rsi.espn.go[1].txt (ID = 2729)
6:30 PM: Found Spy Cookie: servlet cookie
6:30 PM: amodies@servlet[2].txt (ID = 3345)
6:30 PM: amodies@sonycorporate.122.2o7[1].txt (ID = 1958)
6:30 PM: amodies@sports-att.espn.go[1].txt (ID = 2729)
6:30 PM: amodies@sports.espn.go[1].txt (ID = 2729)
6:30 PM: Found Spy Cookie: dealtime cookie
6:30 PM: amodies@stat.dealtime[1].txt (ID = 2506)
6:30 PM: Found Spy Cookie: toplist cookie
6:30 PM: amodies@toplist[1].txt (ID = 3557)
6:30 PM: amodies@www.askmen[1].txt (ID = 2248)
6:30 PM: Found Spy Cookie: burstbeacon cookie
6:30 PM: amodies@www.burstbeacon[2].txt (ID = 2335)
6:30 PM: Found Spy Cookie: burstnet cookie
6:30 PM: amodies@www.burstnet[1].txt (ID = 2337)
6:30 PM: Found Spy Cookie: myaffiliateprogram.com cookie
6:30 PM: amodies@www.myaffiliateprogram[2].txt (ID = 3032)
6:30 PM: amodies@www.screensavers[1].txt (ID = 3298)
6:30 PM: Found Spy Cookie: yadro cookie
6:30 PM: amodies@yadro[1].txt (ID = 3743)
6:30 PM: Found Spy Cookie: yieldmanager cookie
6:30 PM: amodies@yieldmanager[2].txt (ID = 3749)
6:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
6:30 PM: Starting File Sweep
6:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:34 PM: Found Adware: look2me
6:34 PM: appwrap[1].exe (ID = 65721)
6:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:34 PM: appwrap[1].exe (ID = 65739)
6:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:36 PM: Found Adware: targetsaver
6:36 PM: class-barrel (ID = 78229)
6:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:38 PM: Warning: Invalid file - not a PKZip file
6:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM: Warning: Invalid file - not a PKZip file
6:39 PM: Warning: Invalid file - not a PKZip file
6:39 PM: Warning: Invalid file - not a PKZip file
6:39 PM: Warning: Invalid file - not a PKZip file
6:39 PM: Warning: Invalid file - not a PKZip file
6:39 PM: Warning: Invalid file - not a PKZip file
6:39 PM: File Sweep Complete, Elapsed Time: 00:09:20
6:39 PM: Full Sweep has completed. Elapsed time 00:11:41
6:39 PM: Traces Found: 50
6:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:40 PM: Removal process initiated
6:40 PM: Quarantining All Traces: icannnews
6:40 PM: icannnews is in use. It will be removed on reboot.
6:40 PM: C:\WINDOWS\system32\mhw3prt.dll is in use. It will be removed on reboot.
6:40 PM: C:\WINDOWS\system32\l0n40a5qed.dll is in use. It will be removed on reboot.
6:40 PM: Quarantining All Traces: look2me
6:40 PM: Quarantining All Traces: targetsaver
6:40 PM: Quarantining All Traces: 2o7.net cookie
6:40 PM: Quarantining All Traces: 360i cookie
6:40 PM: Quarantining All Traces: about cookie
6:40 PM: Quarantining All Traces: adecn cookie
6:40 PM: Quarantining All Traces: adjuggler cookie
6:40 PM: Quarantining All Traces: adultfriendfinder cookie
6:40 PM: Quarantining All Traces: ask cookie
6:40 PM: Quarantining All Traces: askmen cookie
6:40 PM: Quarantining All Traces: banner cookie
6:40 PM: Quarantining All Traces: belnk cookie
6:40 PM: Quarantining All Traces: burstbeacon cookie
6:40 PM: Quarantining All Traces: burstnet cookie
6:40 PM: Quarantining All Traces: cc214142 cookie
6:40 PM: Quarantining All Traces: clickzs cookie
6:40 PM: Quarantining All Traces: cnt cookie
6:40 PM: Quarantining All Traces: dealtime cookie
6:40 PM: Quarantining All Traces: enhance cookie
6:40 PM: Quarantining All Traces: go.com cookie
6:40 PM: Quarantining All Traces: hbmediapro cookie
6:40 PM: Quarantining All Traces: ic-live cookie
6:40 PM: Quarantining All Traces: infospace cookie
6:40 PM: Quarantining All Traces: kmpads cookie
6:40 PM: Quarantining All Traces: myaffiliateprogram.com cookie
6:40 PM: Quarantining All Traces: nextag cookie
6:40 PM: Quarantining All Traces: partypoker cookie
6:40 PM: Quarantining All Traces: reunion cookie
6:40 PM: Quarantining All Traces: rn11 cookie
6:40 PM: Quarantining All Traces: screensavers.com cookie
6:40 PM: Quarantining All Traces: servlet cookie
6:40 PM: Quarantining All Traces: toplist cookie
6:40 PM: Quarantining All Traces: wtlive.com cookie
6:40 PM: Quarantining All Traces: yadro cookie
6:40 PM: Quarantining All Traces: yieldmanager cookie
6:40 PM: Warning: Launched explorer.exe
6:40 PM: Warning: Quarantine process could not restart Explorer.
6:41 PM: Preparing to restart your computer. Please wait...
6:41 PM: Removal process completed. Elapsed time 00:00:50
6:43 PM: Warning: Failed to set data for 'initialized'
6:43 PM: Warning: Failed to set data for 'initialized'
6:43 PM: BHO Shield: found: -- BHO installation denied at user request
6:43 PM: BHO Shield: found: -- BHO installation allowed at user request
********
6:26 PM: | Start of Session, Monday, November 07, 2005 |
6:26 PM: Spy Sweeper started
6:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:26 PM: Your spyware definitions have been updated.
6:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:27 PM: | End of Session, Monday, November 07, 2005 |

#4 pskelley

Posted 07 November 2005 - 06:51 PM

Looks like SS did the trick. How's the computer running? Keep in mind you get two weeks of full protection and it might use a few resources. If you are done with SS after the trial, I would remove it and disable the service. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html

Safe surfing...Phil :wavey:

Thanks...pskelley

#5 amodies

Posted 08 November 2005 - 12:46 AM

OK, I think Look2Me is still there. I ran my antivirus scan after I had posted and it showed up with the Look2Me strand still. I can post any logs we need still. I have Zone Alarm Firewall right now so it's doing a good job of blocking the pop ups. I'm not real sure if it's actually there or what the deal is. You're the expert so if you give me the green light again I'll assume we're good. Thanks again for all your help!

Oops, may have spoken too soon. I ran Spy Sweeper again and nothing showed up. Ran Symantec Antivirus and nothing turned up there either! Once again thanks and good luck helping everyone else!

Edited by amodies, 08 November 2005 - 01:39 AM.


#6 pskelley

Posted 08 November 2005 - 06:47 AM

Hi, I will say this...this junk gets installed all through your computer and we have had a real battle with it. The Spysweeper update has really helped us, and it removes the cause of the infection the vast majority of the time. If you wish to run additional scans or registry cleaners to look for remnants of this infection, they are available, and no doubt the remnants are there but they should no longer be able to cause you problems. If you wish information about what I just posted, let me know, otherwise I will close this topic shortly and move on to other infected folks.

I am going to say that ZA is not a popup blocker and that "normal" popups are going to happen when you surf. I use this: http://www.google.com/ on all of my computers. I use the basic toolbar/popup blocker. I do not load the resource wasters available with the download. You may wish to consider this. If you do, make sure you turn the blocker on in Options.

Thanks...Phil

Edited by pskelley, 08 November 2005 - 06:49 AM.


#7 pskelley

Posted 10 November 2005 - 09:07 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
