
chel log for Trojan.vundo



#1 chelsea


Posted 05 December 2005 - 02:41 PM

Here's the copied log from HijackThis. Much appreciated if someone would help. Thank You!!
Logfile of HijackThis v1.99.1
Scan saved at 12:37:37 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cocc.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\awtss.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#2 Siggyx


Posted 05 December 2005 - 04:44 PM

STEP 1.
======
SpySweeper
Please download WebRoot SpySweeper.
(It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
STEP 2.
======
Download Ewido
  • Download and install Ewido Security Suite. It is a free trial version of the program.
  • Install ewido security suite
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
STEP 3.
======
Update Ewido
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates

STEP 4.
======
Ewido Scan
Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    o You will need to step through the process of cleaning files one-by-one.
    o If ewido detects a file you KNOW to be legitimate, select none as the action.
    o DO NOT select "Perform action on all infections"
    o If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")


STEP 5.
======
CWShredder

Please download and run CWShredder
Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

STEP 6.
======

Please do an online scan here >>>> http://housecall.trendmicro.com/ and allow it to clean/remove what it finds.


Please post the results from SpySweeper, ewido and a new hijackthis log.

#3 chelsea


Posted 05 December 2005 - 11:43 PM

Here is the log from Spy Sweeper
chel@bravenet[2].txt (ID = 2322) 5:26 PM: chel@burstnet[2].txt (ID = 2336) 5:26 PM: chel@c5.zedo[1].txt (ID = 3763) 5:26 PM: chel@casalemedia[1].txt (ID = 2354) 5:26 PM: Found Spy Cookie: centrport net cookie 5:26 PM: chel@centrport[2].txt (ID = 2374) 5:26 PM: chel@classmates[2].txt (ID = 2384) 5:26 PM: Found Spy Cookie: clickbank cookie 5:26 PM: chel@clickbank[2].txt (ID = 2398) 5:26 PM: chel@cnn.122.2o7[1].txt (ID = 1958) 5:26 PM: Found Spy Cookie: commission junction cookie 5:26 PM: chel@commission-junction[1].txt (ID = 2455) 5:26 PM: Found Spy Cookie: coolsavings cookie 5:26 PM: chel@coolsavings[1].txt (ID = 2465) 5:26 PM: chel@data.coremetrics[1].txt (ID = 2472) 5:26 PM: chel@dist.belnk[1].txt (ID = 2293) 5:26 PM: chel@edge.ru4[1].txt (ID = 3269) 5:26 PM: chel@ehealthcaresolutions.122.2o7[1].txt (ID = 1958) 5:26 PM: chel@fastclick[2].txt (ID = 2651) 5:26 PM: chel@gogreece.about[1].txt (ID = 2038) 5:26 PM: chel@howstuffworks[2].txt (ID = 2805) 5:26 PM: chel@jewelrymaking.about[1].txt (ID = 2038) 5:26 PM: chel@linksynergy[2].txt (ID = 2926) 5:26 PM: chel@maxserving[1].txt (ID = 2966) 5:26 PM: chel@microsofteup.112.2o7[1].txt (ID = 1958) 5:26 PM: chel@mp3.about[1].txt (ID = 2038) 5:26 PM: chel@msnportal.112.2o7[1].txt (ID = 1958) 5:26 PM: chel@network.aptimus[1].txt (ID = 2235) 5:26 PM: chel@nextag[1].txt (ID = 5014) 5:26 PM: chel@northwestairlines.112.2o7[1].txt (ID = 1958) 5:26 PM: chel@overture[1].txt (ID = 3105) 5:26 PM: chel@perf.overture[1].txt (ID = 3106) 5:26 PM: Found Spy Cookie: pro-market cookie 5:26 PM: chel@pro-market[2].txt (ID = 3197) 5:26 PM: chel@qksrv[1].txt (ID = 3213) 5:26 PM: chel@questionmarket[1].txt (ID = 3217) 5:26 PM: chel@realmedia[2].txt (ID = 3235) 5:26 PM: chel@revenue[1].txt (ID = 3257) 5:26 PM: Found Spy Cookie: server.iad.liveperson cookie 5:26 PM: chel@server.iad.liveperson[1].txt (ID = 3341) 5:26 PM: chel@serving-sys[2].txt (ID = 3343) 5:26 PM: Found Spy Cookie: servlet cookie 5:26 PM: chel@servlet[2].txt (ID = 3345) 5:26 PM: 
Found Spy Cookie: dealtime cookie 5:26 PM: chel@stat.dealtime[2].txt (ID = 2506) 5:26 PM: Found Spy Cookie: onestat.com cookie 5:26 PM: chel@stat.onestat[2].txt (ID = 3098) 5:26 PM: Found Spy Cookie: statcounter cookie 5:26 PM: chel@statcounter[2].txt (ID = 3447) 5:26 PM: chel@stats1.reliablestats[1].txt (ID = 3254) 5:26 PM: Found Spy Cookie: webtrendslive cookie 5:26 PM: chel@statse.webtrendslive[1].txt (ID = 3667) 5:26 PM: Found Spy Cookie: targetnet cookie 5:26 PM: chel@targetnet[2].txt (ID = 3489) 5:26 PM: chel@tradedoubler[1].txt (ID = 3575) 5:26 PM: chel@trafficmp[2].txt (ID = 3581) 5:26 PM: chel@tribalfusion[1].txt (ID = 3589) 5:26 PM: Found Spy Cookie: tripod cookie 5:26 PM: chel@tripod[1].txt (ID = 3591) 5:26 PM: chel@twci.coremetrics[1].txt (ID = 2472) 5:26 PM: Found Spy Cookie: burstbeacon cookie 5:26 PM: chel@www.burstbeacon[2].txt (ID = 2335) 5:26 PM: chel@z1.adserver[1].txt (ID = 2142) 5:26 PM: chel@zedo[2].txt (ID = 3762) 5:26 PM: Cookie Sweep Complete, Elapsed Time: 00:00:22 5:26 PM: Starting File Sweep 5:58 PM: File Sweep Complete, Elapsed Time: 00:32:08 5:58 PM: Full Sweep has completed. Elapsed time 00:42:13 5:58 PM: Traces Found: 147 6:24 PM: Your spyware definitions have been updated. 6:24 PM: | End of Session, Monday, December 05, 2005 | ******** 5:13 PM: | Start of Session, Monday, December 05, 2005 | 5:13 PM: Spy Sweeper started 5:14 PM: Your spyware definitions have been updated. 5:16 PM: | End of Session, Monday, December 05, 2005 | The Ewido prorgram won't finish the scan, as soon as it tries ot remove a malware cookie it pauses and then I get an error report and the program shuts down. I'm going to try to uninstall it, and then reinstall it and see if that helps. I'll be back! Thanks CHel!

#4 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 06 December 2005 - 11:03 PM

I need to see the ewido log and a new hijackthis log please.

#5 chelsea

Posted 08 December 2005 - 03:10 PM

Here's the Ewido log
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:30:50 PM, 12/8/2005
+ Report-Checksum: 1815379C

+ Scan result:

C:\Documents and Settings\Chel\Cookies\chel@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Ignored
C:\Documents and Settings\Chel\Cookies\chel@advertising[2].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Chel\Cookies\chel@atdmt[2].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\Chel\Cookies\chel@bfast[1].txt -> Spyware.Cookie.Bfast : Ignored
C:\Documents and Settings\Chel\Cookies\chel@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Ignored
C:\Documents and Settings\Chel\Cookies\chel@centrport[1].txt -> Spyware.Cookie.Centrport : Ignored
C:\Documents and Settings\Chel\Cookies\chel@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Ignored
C:\Documents and Settings\Chel\Cookies\chel@com[2].txt -> Spyware.Cookie.Com : Ignored
C:\Documents and Settings\Chel\Cookies\chel@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Ignored
C:\Documents and Settings\Chel\Cookies\chel@e-2dj6wfkicndjedo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Ignored
C:\Documents and Settings\Chel\Cookies\chel@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Chel\Local Settings\Temporary Internet Files\Content.IE5\6AQUY5OP\mm[1].js -> Spyware.Chitika : Ignored
C:\Documents and Settings\Chel\Local Settings\Temporary Internet Files\Content.IE5\HESK6VGG\mm[1].js -> Spyware.Chitika : Ignored
C:\Documents and Settings\Chel\Local Settings\Temporary Internet Files\Content.IE5\HESK6VGG\mm[2].js -> Spyware.Chitika : Ignored
C:\WINDOWS\system32\ddcyv.dll -> Downloader.ConHook.n : Ignored
C:\Documents and Settings\Chel\Cookies\chel@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@e-2dj6wfl4uhd5ihp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@e-2dj6wflouhcjsep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@e-2dj6wfmyspd5wep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@e-2dj6wjkyaodjibq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@e-2dj6wjl4kgajabp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@e-2dj6wjmyajczwcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@e-2dj6wjnyeidjago.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@e-2dj6wjnyqid5ido.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@ehg-adteractive.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@ehg-aha.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@ehg-bcstore.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@ehg-consumersunion.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@ehg-idg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@ehg-kodak.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@ehg-newscientist.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@media.fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@sec1.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@e-2dj6wfkyemazikp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@e-2dj6wjkoaodpkbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@e-2dj6wjl4wld5weo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@e-2dj6wjloohczicp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@e-2dj6wjmyckdpilo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@ehg-classifiedventures.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@ehg-mountaingear.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Tom\Cookies\tom@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup


::Report End

AND THE NEW HIJACK THIS LOG




Here's the new Hijack this log


Logfile of HijackThis v1.97.7
Scan saved at 1:01:40 PM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cocc.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab



THE SPY SWEEPER LOG IS IN THE PREVIOUS POST LET ME KNOW IF I CAN DO ANYTHING ELSE THANKS!

#6 Siggyx

Posted 08 December 2005 - 05:57 PM

You need an updated version of Hijackthis which you can get from HERE.

#7 chelsea

Posted 08 December 2005 - 08:23 PM

Ok here's the log from the updated Hijack this
Logfile of HijackThis v1.99.1
Scan saved at 6:18:40 PM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MM_TDM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cocc.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Let me know if you need anything else, I'm standing by :)
thanks again!
Chel

#8 Siggyx

Posted 08 December 2005 - 09:04 PM

Boot to safe mode (tap F8 while the BIOS loads), then scan with ewido and allow it to clean everything. Then please do a scan at the link below and post both its log and the ewido log and a new HijackThis log.

http://www.kaspersky...kavwebscan.html

#9 chelsea

Posted 09 December 2005 - 07:48 PM

Here's the Ewido scan
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:43:45 AM, 12/9/2005
+ Report-Checksum: B2917AAE

+ Scan result:

C:\Documents and Settings\Chel\Cookies\chel@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@e-2dj6wfkicndjedo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\Chel\Cookies\chel@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Chel\Local Settings\Temporary Internet Files\Content.IE5\6AQUY5OP\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Chel\Local Settings\Temporary Internet Files\Content.IE5\HESK6VGG\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Chel\Local Settings\Temporary Internet Files\Content.IE5\HESK6VGG\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\WINDOWS\system32\ddcyv.dll -> Downloader.ConHook.n : Cleaned with backup



Here's the Kaspersky log

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, December 09, 2005 17:36:51
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 10/12/2005
Kaspersky Anti-Virus database records: 154261
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Chel\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 10330
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 399 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.







Here's the new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 5:39:19 PM, on 12/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cocc.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Ok that's it, am I clean? Maybe? If so, please let me know what programs I should leave installed and what ones I shouldn't, and also if I should install the search and destroy pack, and a new firewall. Any info is much appreciated. Thank You!
Chel

#10 Siggyx

Posted 09 December 2005 - 09:43 PM

Looks ok. How is it running?

#11 chelsea

Posted 10 December 2005 - 11:47 AM

Seems to be running faster than before, and no more pop up alerts from Norton. chel

#12 Siggyx

Posted 10 December 2005 - 10:16 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
