
Spyware and Pop-Up Problems


6 replies to this topic

#1 orca16588


Posted 17 January 2006 - 06:40 PM

I've had problems with pop-ups for the past two weeks, but AdAware SE doesn't find anything nor does McAfee. The few times McAfee did find something, I was able to take care of it but the pop-ups still continued. Now when I start up my computer I occasionally get a message saying winlogin.exe has to quit, or my computer will begin making the error sound repeatedly and I am unable to open anything new or open up Windows Task Manager. This started today and one of the processes active was IEXPLORER.EXE and I've been having problems with Internet Explorer. My main browser is the most recent version of Mozilla and I rarely use Internet Explorer, but a lot of pop-ups open in explorer. I ran HijackThis and here is that log below. I'd appreciate any help. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 7:39:19 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Michael Deibert\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [0go40rm8.dll] RUNDLL32.EXE 0go40rm8.dll,b 194361937
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcaf...22/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134081331546
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\hr6q05j5e.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



#2 pskelley


Posted 21 January 2006 - 03:59 PM

Hello Michael and welcome to TomCoyote forum, here is your problem:
Winlogon Notify | App Management, App Paths, Applets, BITS, Control Panel, Controls Folder, CSCSettings, DateTime, Dynamic Directory, Explorer | X | random named dll in the System32 folder | Variant of Adware.Look2Me

We have been using the Spy Sweeper 4.5 - Free Trial with good success if you will follow the directions.
You will find the download at the bottom of this page: http://www.webroot.c...er/latestv.html
Now follow these directions: Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer <<< this is very important and then please copy and paste the SpySweeper log and a new HJT log into this thread.

I want to ask about this item: O4 - HKLM\..\Run: [0go40rm8.dll] RUNDLL32.EXE 0go40rm8.dll,b 194361937 <<< Do you know what it is?

This item: O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe was probably installed along with another Logitech product because the EULA agreement was not read. Do you use it? If not, look in Add Remove programs and uninstall it.

Thanks...pskelley
TomCoyote forum
Expert Member
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
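Added example, not part of the original thread and not code from HijackThis or the forum: a small triage script for the pattern the reply above describes, an O20 Winlogon Notify entry pointing at a randomly named DLL in System32, plus the O4 rundll32 entry the helper asks about. The sample lines are excerpted from the HijackThis logs in this thread; the "random-looking" test (three or more letter/digit switches in the file name) and the names `triage` and `looks_random` are assumptions of this sketch, and a hit means "review this line", not a verdict.

```python
import re
from pathlib import PureWindowsPath
from typing import NamedTuple

# Winlogon Notify key names listed in the helper's post for this Look2Me variant.
LOOK2ME_KEY_NAMES = {
    "App Management", "App Paths", "Applets", "BITS", "Control Panel",
    "Controls Folder", "CSCSettings", "DateTime", "Dynamic Directory", "Explorer",
}

ENTRY_RE = re.compile(r"^(O\d{1,2}|[RFN]\d) - (.+)$")
O20_RE = re.compile(
    r"^Winlogon Notify: (?P<key>.+?) - (?P<path>.+?\.dll)(?P<missing> \(file missing\))?$",
    re.IGNORECASE,
)
O4_RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(
    r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>[^,\s]+\.dll)', re.IGNORECASE
)


class Finding(NamedTuple):
    section: str
    line: str
    reasons: list


def looks_random(stem: str) -> bool:
    """Heuristic (assumption of this example): a file name that switches
    between letters and digits three or more times, e.g. 'hr6q05j5e'.
    Vendor names such as 'Ati2evxx' or 'HPZipm12' switch at most twice."""
    kinds = [c.isdigit() for c in stem if c.isalnum()]
    switches = sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)
    return switches >= 3


def triage(log_text: str) -> list:
    """Return the O20 and O4 lines of a HijackThis log that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, running-process list, blank line
        section, body = entry.groups()
        reasons = []
        if section == "O20":
            o20 = O20_RE.match(body)
            if o20:
                dll = PureWindowsPath(o20["path"])
                if dll.parent.name.lower() == "system32" and looks_random(dll.stem):
                    reasons.append("random-named DLL in System32")
                    if o20["key"] in LOOK2ME_KEY_NAMES:
                        reasons.append("key name on the helper's Look2Me list")
                if o20["missing"]:
                    reasons.append("file missing (orphaned entry)")
        elif section == "O4":
            run = O4_RUN_RE.match(body)
            rundll = RUNDLL_RE.match(run["cmd"]) if run else None
            if rundll:
                dll = PureWindowsPath(rundll["dll"])
                if not dll.is_absolute():
                    reasons.append("rundll32 target given without a full path")
                if looks_random(dll.stem):
                    reasons.append("random-looking DLL name")
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


# Lines excerpted from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [0go40rm8.dll] RUNDLL32.EXE 0go40rm8.dll,b 194361937
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\hr6q05j5e.dll
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\n0p4la7q1d.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for reason in f.reasons:
            print(f"    - {reason}")
```
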

#3 orca16588


Posted 21 January 2006 - 05:58 PM

Here are the two scans... I've also been getting help from another friend, so I don't know what has already been taken care of, though I did follow your instructions as well.

HJT
Logfile of HijackThis v1.99.1
Scan saved at 6:53:57 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stickies\Stickies.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Michael Deibert\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Stickies\Stickies.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcaf...22/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134081331546
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\n0p4la7q1d.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

********
6:00 PM: | Start of Session, Saturday, January 21, 2006 |
6:00 PM: Spy Sweeper started
6:00 PM: Sweep initiated using definitions version 604
6:00 PM: Starting Memory Sweep
6:04 PM: Memory Sweep Complete, Elapsed Time: 00:03:28
6:04 PM: Starting Registry Sweep
6:04 PM: Found Adware: quicklink search toolbar
6:04 PM: HKLM\software\ql\ (3 subtraces) (ID = 359458)
6:04 PM: Found Adware: winantispyware 2005
6:04 PM: HKLM\system\currentcontrolset\control\class\{29ae0e04-08b8-4d2f-bfbe-83fb0ec73bb7}\ (3 subtraces) (ID = 795420)
6:04 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (2 subtraces) (ID = 909558)
6:04 PM: Found Adware: dollarrevenue
6:04 PM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
6:04 PM: Found Adware: command
6:04 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
6:04 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
6:04 PM: Found Adware: findthewebsiteyouneed hijack
6:04 PM: HKU\S-1-5-21-1275210071-115176313-725345543-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
6:04 PM: Registry Sweep Complete, Elapsed Time:00:00:16
6:04 PM: Starting Cookie Sweep
6:04 PM: Found Spy Cookie: websponsors cookie
6:04 PM: system@a.websponsors[2].txt (ID = 3665)
6:04 PM: Found Spy Cookie: adecn cookie
6:04 PM: system@adecn[2].txt (ID = 2063)
6:04 PM: Found Spy Cookie: adknowledge cookie
6:04 PM: system@adknowledge[2].txt (ID = 2072)
6:04 PM: Found Spy Cookie: clickandtrack cookie
6:04 PM: system@hits.clickandtrack[2].txt (ID = 2397)
6:04 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:04 PM: Starting File Sweep
6:04 PM: c:\program files\ql (1 subtraces) (ID = -2147463315)
6:04 PM: c:\program files\winantispyware 2005 (ID = -2147472152)
6:04 PM: c:\program files\common files\winsoftware (ID = -2147476682)
6:05 PM: Found Adware: targetsaver
6:05 PM: tsupdate2[1].ini (ID = 193498)
6:14 PM: class-barrel (ID = 78229)
6:14 PM: vocabulary (ID = 78283)
6:23 PM: no5gmhiinf1hlo5flplo.vbs (ID = 185675)
6:23 PM: donotdelete[1].htm (ID = 198788)
6:23 PM: drsmartload.dat (ID = 198788)
6:23 PM: File Sweep Complete, Elapsed Time: 00:19:10
6:23 PM: Full Sweep has completed. Elapsed time 00:23:05
6:23 PM: Traces Found: 44
6:48 PM: Removal process initiated
6:48 PM: Quarantining All Traces: dollarrevenue
6:48 PM: Quarantining All Traces: command
6:48 PM: Quarantining All Traces: findthewebsiteyouneed hijack
6:48 PM: Quarantining All Traces: quicklink search toolbar
6:48 PM: Quarantining All Traces: targetsaver
6:48 PM: Quarantining All Traces: adecn cookie
6:48 PM: Quarantining All Traces: adknowledge cookie
6:48 PM: Quarantining All Traces: clickandtrack cookie
6:48 PM: Quarantining All Traces: websponsors cookie
6:48 PM: Quarantining All Traces: winantispyware 2005
6:48 PM: Removal process completed. Elapsed time 00:00:12
********
5:59 PM: | Start of Session, Saturday, January 21, 2006 |
5:59 PM: Spy Sweeper started
6:00 PM: Your spyware definitions have been updated.
6:00 PM: | End of Session, Saturday, January 21, 2006 |

#4 pskelley


Posted 21 January 2006 - 06:47 PM

OK Michael, let's do this to make sure you are good and clean.
I do want to mention that ewido and SS use a lot of resources and cleaning the Prefetch will slow windows down a little also. Once we finish, SpySweeper (after the trial) should be uninstalled and ewido should be turned off and just started manually if you wish to use the scanner. Prefetch will repopulate quickly and you should be back to speed at that point.

1) Turn off TeaTimer until you are done, it will block our fix.
http://russelltexas....re/teatimer.htm

2) Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php
The newest version of Ad-aware is 1.06 and Spybot 1.04. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot then run Ad-aware. Both programs back up what they remove so delete anything the programs say should be removed.

3) You have ewido onboard, open the program and update it first, then click the scanner and choose complete system scan. Allow ewido to remove anything it finds unless you know it is not bad. Make sure you save the scan report, I need to see it.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\n0p4la7q1d.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Enable hidden files & folders; reverse the process when finished.
http://www.xtra.co.n...1916458,00.html

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Windows\Prefetch\ >>> delete everything in this folder (NOT THE FOLDER)
Prefetch info: http://www.windowsne...refetch-XP.html

If you do not have a good cleaner, use this one with these directions: Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp
Run CCleaner, Windows & Applications. When you run the registry cleaner (Issues) you will be prompted to back up before you can remove stuff, make sure you do.

Hopefully that will do it, post the ewido scan report and a new HJT log for a last look. Tell me how the computer is running.

Since bad stuff may have gotten backed up in System Restore, use these instructions to get clean SR files.
http://service1.syma...src=sec_doc_nam

Thanks...Phil
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#5 orca16588


Posted 21 January 2006 - 08:38 PM

So far my computer is running fine, I don't have any pop-ups coming up. Here is the ewido log and a new HJT log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:24:17 PM, 1/21/2006
+ Report-Checksum: 5EA49DCF

+ Scan result:

:mozilla.17:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
:mozilla.409:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.413:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Michael Deibert\Application Data\Mozilla\Firefox\Profiles\rq6k6vtz.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 9:36:33 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Michael Deibert\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Stickies\Stickies.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcaf...22/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134081331546
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#6 pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 21 January 2006 - 09:11 PM

OK Michael, Good job :thumbup: ewido found mostly nasty cookies, here is some information to help you control those cookies in Firefox:
http://privacy.getne...fdisablecookies
http://www.mozilla.o..._priv_help.html

Your HJT log is clean, here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html

Don't forget, ewido: you can keep, update and use the scanner for as long as you like, but turn it off unless you purchase it. SpySweeper is of no benefit at all after the trial period, so unless you own it, uninstall it.

Safe surfing...Phil :wavey:

Thanks...pskelley
TomCoyote forum
Expert Member
If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#7 pskelley

Posted 23 January 2006 - 08:19 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
