
Cannot access websites


  • This topic is locked
17 replies to this topic

#1 shayray

  • Authentic Member
  • 20 posts

Posted 27 February 2006 - 06:57 AM

I cannot access Hotmail or any sites associated with MSN except the homepage. I am not able to access other popular websites. Windows Defender detects a possible hosts file hijack. I remove it and it keeps on coming back. This is a copy of my HijackThis log. Thanks ahead of time for your help.

Logfile of HijackThis v1.99.1
Scan saved at 9:48:06 PM, on 2/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\CDProxyServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\SYSTEM32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\Icons\SetIcon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.hotmail.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116931611046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136723482484
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: XCP DRM Server ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\SYSTEM32\IoctlSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



#2 shayray

  • Authentic Member
  • 20 posts

Posted 28 February 2006 - 07:14 AM

I am adding an updated HijackThis log. I have run Spy Sweeper, Spybot, Ad-Aware, ewido, Windows Defender and Symantec/Norton.

Logfile of HijackThis v1.99.1
Scan saved at 10:08:52 PM, on 2/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\Icons\SetIcon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\CDProxyServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\SYSTEM32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.hotmail.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116931611046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136723482484
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: XCP DRM Server ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\SYSTEM32\IoctlSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#3 LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 28 February 2006 - 09:02 PM

Hello shayray,

You have the Sony Rootkit: You can go here and read about it.
http://cp.sonybmg.co...sh/updates.html

Please download and run the Uninstaller.exe
The XCP software tool is available for download here as an EXECUTABLE (2.3 MB)

After reboot:



This is what I suggest you do.


Please do not delete anything unless instructed to.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06. All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs > Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" entries, "BLACK" entries and "GREEN" entries in the window
Put a check mark beside the RED entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Next:

Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom
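
The XCP entries that match the diagnosis above appear in the posted logs as two O23 service lines and two running processes. As an added example (not part of the original thread and not HijackThis code), this Python sketch parses HijackThis log text, flags those indicators, and diffs the process lists of two scans; the function names and the indicator list are assumptions made for illustration.

```python
import re

# Excerpts copied from the HijackThis logs posted in this thread (27 Feb and
# 1 Mar 2006), trimmed to a few lines each so the example runs offline.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:48:06 PM, on 2/27/2006

Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Windows Defender\MsMpEng.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O23 - Service: XCP DRM Server ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# The 1 Mar log as shown in the thread is cut off before its O23 section,
# so only its process list can be compared.
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:43:01 PM, on 3/1/2006

Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

# Indicators taken from the log lines above. The list is an assumption made
# for this example, not a vendor signature set.
XCP_PATTERNS = [
    ("$sys$ name prefix", re.compile(r"\$sys\$", re.I)),
    ("XCP service name", re.compile(r"\bXCP\b", re.I)),
    ("vendor First 4 Internet", re.compile(r"First 4 Internet", re.I)),
    ("CDProxyServ.exe", re.compile(r"CDProxyServ\.exe", re.I)),
]

# HijackThis entry lines look like "O23 - Service: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into its process list and coded entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def _reasons(text):
    return [label for label, rx in XCP_PATTERNS if rx.search(text)]


def find_xcp(parsed):
    """Return (where, line, reasons) for every line matching an indicator."""
    hits = []
    for proc in parsed["processes"]:
        reasons = _reasons(proc)
        if reasons:
            hits.append(("process", proc, reasons))
    for code, text in parsed["entries"]:
        reasons = _reasons(text)
        if reasons:
            hits.append((code, text, reasons))
    return hits


def unknown_owner_services(parsed):
    """O23 services whose vendor field HijackThis printed as 'Unknown owner'."""
    return [text for code, text in parsed["entries"]
            if code == "O23" and " - Unknown owner - " in text]


def process_diff(before, after):
    """Processes that disappeared and appeared between two scans."""
    b = {p.lower(): p for p in before["processes"]}
    a = {p.lower(): p for p in after["processes"]}
    gone = sorted(b[k] for k in b.keys() - a.keys())
    new = sorted(a[k] for k in a.keys() - b.keys())
    return gone, new


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for where, line, reasons in find_xcp(before):
        print(f"[{where}] {line}\n    matched: {', '.join(reasons)}")
    gone, new = process_diff(before, after)
    print("no longer running:", gone)
    print("newly running:", new)
```

An empty result from `find_xcp` on the later excerpt covers only the process list; confirming that the services themselves are gone needs the O23 section of a complete log.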

 


#4 shayray

  • Authentic Member
  • 20 posts

Posted 01 March 2006 - 04:51 AM

I still cannot access several websites. I get the page cannot be displayed message. Cannot find server. Here are the logs.


Logfile of HijackThis v1.99.1
Scan saved at 7:43:01 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\Icons\SetIcon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\SYSTEM32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.hotmail.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116931611046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136723482484
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\SYSTEM32\IoctlSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:34:36 PM, 3/1/2006
+ Report-Checksum: DA9F6A4

+ Scan result:

C:\Documents and Settings\Shay Ray\Cookies\shay ray@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup


::Report End

#5 LDTate

Posted 01 March 2006 - 06:45 AM

Can you run another Spysweeper scan please:
Make sure you get all the updates.

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.



#6 shayray

Posted 01 March 2006 - 07:29 AM

No change. Still can not access websites. Here are my logs.

Logfile of HijackThis v1.99.1
Scan saved at 10:23:15 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\Icons\SetIcon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\SYSTEM32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.hotmail.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116931611046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136723482484
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\SYSTEM32\IoctlSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

********
9:54 PM: | Start of Session, Wednesday, March 01, 2006 |
9:54 PM: Spy Sweeper started
9:54 PM: Sweep initiated using definitions version 623
9:54 PM: Starting Memory Sweep
9:59 PM: Memory Sweep Complete, Elapsed Time: 00:04:31
9:59 PM: Starting Registry Sweep
9:59 PM: Registry Sweep Complete, Elapsed Time:00:00:20
9:59 PM: Starting Cookie Sweep
9:59 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:59 PM: Starting File Sweep
10:14 PM: Warning: Unhandled Archive Type
10:14 PM: Warning: Unhandled Archive Type
10:14 PM: Warning: Unhandled Archive Type
10:15 PM: Warning: Unhandled Archive Type
10:15 PM: Warning: Unhandled Archive Type
10:15 PM: Warning: Unhandled Archive Type
10:15 PM: File Sweep Complete, Elapsed Time: 00:15:37
10:15 PM: Full Sweep has completed. Elapsed time 00:20:34
10:15 PM: Traces Found: 0
10:15 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
********
4:46 AM: | Start of Session, Thursday, February 23, 2006 |
4:46 AM: Spy Sweeper started
4:46 AM: Sweep initiated using definitions version 618
4:46 AM: Starting Memory Sweep
4:51 AM: Memory Sweep Complete, Elapsed Time: 00:04:23
4:51 AM: Starting Registry Sweep
4:51 AM: Registry Sweep Complete, Elapsed Time:00:00:21
4:51 AM: Starting Cookie Sweep
4:51 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:51 AM: Starting File Sweep
5:04 AM: File Sweep Complete, Elapsed Time: 00:12:36
5:04 AM: Full Sweep has completed. Elapsed time 00:17:26
5:04 AM: Traces Found: 0
5:18 AM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:18 AM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:18 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:18 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:19 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:19 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:19 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:19 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:19 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:19 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:20 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:20 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:20 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:21 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:24 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:26 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:32 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:35 PM: IE Security Shield: found: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE -- IE Security modification denied
5:38 PM: IE Security Shield: found: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE -- IE Security modification denied
5:41 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:41 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:41 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:41 PM: IE Tracking Cookies Shield: Removed belnk cookie
5:41 PM: IE Tracking Cookies Shield: Removed belnk cookie
5:41 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:42 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:42 PM: IE Tracking Cookies Shield: Removed belnk cookie
5:42 PM: IE Tracking Cookies Shield: Removed belnk cookie
5:43 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:43 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:44 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:46 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:46 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:46 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:46 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:46 PM: IE Tracking Cookies Shield: Removed belnk cookie
5:46 PM: IE Tracking Cookies Shield: Removed belnk cookie
5:46 PM: IE Tracking Cookies Shield: Removed belnk cookie
5:46 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:46 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:46 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:46 PM: IE Tracking Cookies Shield: Removed zedo cookie
5:46 PM: IE Tracking Cookies Shield: Removed zedo cookie
5:46 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:46 PM: IE Tracking Cookies Shield: Removed zedo cookie
5:47 PM: IE Tracking Cookies Shield: Removed zedo cookie
5:47 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:47 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:47 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:47 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:50 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:50 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:50 PM: IE Tracking Cookies Shield: Removed zedo cookie
5:50 PM: IE Tracking Cookies Shield: Removed zedo cookie
5:50 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:50 PM: IE Tracking Cookies Shield: Removed zedo cookie
5:50 PM: IE Tracking Cookies Shield: Removed zedo cookie
5:50 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:50 PM: IE Tracking Cookies Shield: Removed zedo cookie
5:50 PM: IE Tracking Cookies Shield: Removed zedo cookie
5:57 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:57 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:57 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:57 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:57 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:01 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:01 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:01 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:02 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:02 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:03 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:03 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:03 PM: IE Tracking Cookies Shield: Removed belnk cookie
6:03 PM: IE Tracking Cookies Shield: Removed belnk cookie
6:03 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:03 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:04 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:05 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:05 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:05 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:06 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:07 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:07 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:05 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:10 PM: Your spyware definitions have been updated.
7:22 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:22 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:22 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:23 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:23 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
10:13 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
10:17 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:17 PM: IE Tracking Cookies Shield: Removed belnk cookie
10:17 PM: IE Tracking Cookies Shield: Removed belnk cookie
10:17 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:17 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:18 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:18 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:18 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:18 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:19 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:20 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:20 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:20 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:21 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:21 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:21 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
11:22 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
6:14 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:14 AM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:14 AM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:14 AM: IE Tracking Cookies Shield: Removed belnk cookie
6:14 AM: IE Tracking Cookies Shield: Removed belnk cookie
6:14 AM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:15 AM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:15 AM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:15 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:16 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
10:08 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
10:23 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:26 PM: Processing Startup Alerts
4:26 PM: Removed Startup entry: BigDogPath
6:29 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:42 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:42 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:43 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:44 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:53 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:49 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:05 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:06 PM: IE Tracking Cookies Shield: Removed pointroll cookie
8:06 PM: IE Tracking Cookies Shield: Removed pointroll cookie
8:07 PM: IE Tracking Cookies Shield: Removed pointroll cookie
8:08 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:09 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:09 PM: The Spy Communication shield has blocked access to: webpdp.gator.com
8:09 PM: The Spy Communication shield has blocked access to: webpdp.gator.com
8:09 PM: IE Tracking Cookies Shield: Removed belnk cookie
8:09 PM: IE Tracking Cookies Shield: Removed belnk cookie
8:09 PM: IE Tracking Cookies Shield: Removed paypopup cookie
8:09 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:09 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:09 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:09 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:09 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:09 PM: IE Tracking Cookies Shield: Removed belnk cookie
8:09 PM: IE Tracking Cookies Shield: Removed belnk cookie
8:10 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:10 PM: IE Tracking Cookies Shield: Removed belnk cookie
8:10 PM: IE Tracking Cookies Shield: Removed belnk cookie
8:10 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:10 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:11 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:11 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:11 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:11 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:11 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:12 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:12 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:12 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:12 PM: IE Tracking Cookies Shield: Removed belnk cookie
8:12 PM: IE Tracking Cookies Shield: Removed belnk cookie
8:12 PM: IE Tracking Cookies Shield: Removed valuead cookie
8:13 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:13 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:13 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:13 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:13 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:13 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:20 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:20 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:20 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:20 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
8:20 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
8:21 PM: IE Tracking Cookies Shield: Removed pointroll cookie
8:21 PM: IE Tracking Cookies Shield: Removed pointroll cookie
9:33 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:35 PM: IE Tracking Cookies Shield: Removed tacoda cookie
9:36 PM: IE Tracking Cookies Shield: Removed tacoda cookie
9:36 PM: IE Tracking Cookies Shield: Removed trb.com cookie
9:37 PM: IE Tracking Cookies Shield: Removed tacoda cookie
9:37 PM: IE Tracking Cookies Shield: Removed trb.com cookie
9:38 PM: IE Tracking Cookies Shield: Removed tacoda cookie
9:38 PM: IE Tracking Cookies Shield: Removed trb.com cookie
9:39 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:42 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:58 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:04 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:04 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:05 AM: IE Tracking Cookies Shield: Removed pointroll cookie
5:05 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:05 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:15 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:19 AM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:19 AM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:19 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:19 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:19 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:19 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:19 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:20 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:20 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:21 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:23 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:24 AM: IE Tracking Cookies Shield: Removed pointroll cookie
6:24 AM: IE Tracking Cookies Shield: Removed pointroll cookie
6:24 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
3:17 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
3:22 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:29 PM: Your spyware definitions have been updated.
6:30 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:32 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:32 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:33 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:33 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:33 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:33 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:33 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:33 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:36 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:39 PM: IE Tracking Cookies Shield: Removed ru4 cookie
6:39 PM: IE Tracking Cookies Shield: Removed ru4 cookie
6:39 PM: IE Tracking Cookies Shield: Removed questionmarket cookie
6:41 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:41 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:41 PM: IE Tracking Cookies Shield: Removed belnk cookie
6:41 PM: IE Tracking Cookies Shield: Removed belnk cookie
6:42 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:42 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:42 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:42 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:42 PM: IE Tracking Cookies Shield: Removed belnk cookie
6:42 PM: IE Tracking Cookies Shield: Removed belnk cookie
6:42 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:48 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:48 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
6:48 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
6:50 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:50 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:20 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:21 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:21 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:21 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:21 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:24 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
7:59 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
7:59 PM: IE Tracking Cookies Shield: Removed myaffiliateprogram.com cookie
8:41 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
10:07 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
10:07 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
10:07 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
10:09 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:33 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
11:27 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:09 PM: Warning: Access is denied
4:11 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:46 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
5:46 PM: IE Tracking Cookies Shield: Removed hbmediapro cookie
5:46 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
5:46 PM: IE Tracking Cookies Shield: Removed belnk cookie
5:46 PM: IE Tracking Cookies Shield: Removed belnk cookie
5:46 PM: IE Tracking Cookies Shield: Removed clickandtrack cookie
5:46 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:46 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
7:38 PM: Your spyware definitions have been updated.
7:39 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:44 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:50 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:51 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:51 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:51 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:39 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:49 PM: IE Tracking Cookies Shield: Removed pointroll cookie
9:49 PM: IE Tracking Cookies Shield: Removed overture cookie
9:49 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:49 PM: IE Tracking Cookies Shield: Removed overture cookie
9:49 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:52 PM: Updating spyware definitions
9:52 PM: Your definitions are up to date.
9:54 PM: | End of Session, Wednesday, March 01, 2006 |
********
7:10 PM: | Start of Session, Wednesday, February 22, 2006 |
7:10 PM: Spy Sweeper started
7:10 PM: Sweep initiated using definitions version 618
7:10 PM: Starting Memory Sweep
7:14 PM: Memory Sweep Complete, Elapsed Time: 00:04:08
7:14 PM: Starting Registry Sweep
7:14 PM: Registry Sweep Complete, Elapsed Time:00:00:17
7:14 PM: Starting Cookie Sweep
7:14 PM: Found Spy Cookie: addynamix cookie
7:14 PM: shalise@ads.addynamix[1].txt (ID = 2062)
7:14 PM: Found Spy Cookie: pointroll cookie
7:14 PM: shalise@ads.pointroll[2].txt (ID = 3148)
7:14 PM: Found Spy Cookie: advertising cookie
7:14 PM: shalise@advertising[1].txt (ID = 2175)
7:14 PM: Found Spy Cookie: atlas dmt cookie
7:14 PM: shalise@atdmt[2].txt (ID = 2253)
7:14 PM: Found Spy Cookie: mediaplex cookie
7:14 PM: shalise@mediaplex[1].txt (ID = 6442)
7:14 PM: Found Spy Cookie: nextag cookie
7:14 PM: shalise@nextag[2].txt (ID = 5014)
7:14 PM: Found Spy Cookie: questionmarket cookie
7:14 PM: shalise@questionmarket[1].txt (ID = 3217)
7:14 PM: Found Spy Cookie: servedby advertising cookie
7:14 PM: shalise@servedby.advertising[2].txt (ID = 3335)
7:14 PM: Found Spy Cookie: adserver cookie
7:14 PM: shalise@z1.adserver[1].txt (ID = 2142)
7:14 PM: Found Spy Cookie: 2o7.net cookie
7:14 PM: shay ray@2o7[1].txt (ID = 1957)
7:14 PM: Found Spy Cookie: yieldmanager cookie
7:14 PM: shay ray@ad.yieldmanager[2].txt (ID = 3751)
7:14 PM: shay ray@ads.addynamix[1].txt (ID = 2062)
7:14 PM: shay ray@ads.pointroll[2].txt (ID = 3148)
7:14 PM: Found Spy Cookie: revenue.net cookie
7:14 PM: shay ray@ads1.revenue[1].txt (ID = 3258)
7:14 PM: Found Spy Cookie: adserver.trb cookie
7:14 PM: shay ray@adserver.trb[1].txt (ID = 2147)
7:14 PM: shay ray@advertising[1].txt (ID = 2175)
7:14 PM: shay ray@atdmt[2].txt (ID = 2253)
7:14 PM: Found Spy Cookie: belnk cookie
7:14 PM: shay ray@belnk[1].txt (ID = 2292)
7:14 PM: Found Spy Cookie: overture cookie
7:14 PM: shay ray@data4.perf.overture[1].txt (ID = 3106)
7:14 PM: shay ray@dist.belnk[2].txt (ID = 2293)
7:14 PM: shay ray@microsofteup.112.2o7[1].txt (ID = 1958)
7:14 PM: shay ray@msnportal.112.2o7[1].txt (ID = 1958)
7:14 PM: shay ray@perf.overture[1].txt (ID = 3106)
7:14 PM: shay ray@questionmarket[2].txt (ID = 3217)
7:14 PM: shay ray@revenue[1].txt (ID = 3257)
7:14 PM: Found Spy Cookie: serving-sys cookie
7:14 PM: shay ray@serving-sys[2].txt (ID = 3343)
7:14 PM: Found Spy Cookie: targetnet cookie
7:14 PM: shay ray@targetnet[1].txt (ID = 3489)
7:14 PM: Found Spy Cookie: trafficmp cookie
7:14 PM: shay ray@trafficmp[1].txt (ID = 3581)
7:14 PM: shay ray@z1.adserver[1].txt (ID = 2142)
7:14 PM: Found Spy Cookie: zedo cookie
7:14 PM: shay ray@zedo[2].txt (ID = 3762)
7:14 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
7:14 PM: Starting File Sweep
7:26 PM: File Sweep Complete, Elapsed Time: 00:12:02
7:26 PM: Full Sweep has completed. Elapsed time 00:16:35
7:26 PM: Traces Found: 30
7:27 PM: Removal process initiated
7:27 PM: Quarantining All Traces: 2o7.net cookie
7:27 PM: Quarantining All Traces: addynamix cookie
7:27 PM: Quarantining All Traces: adserver cookie
7:27 PM: Quarantining All Traces: adserver.trb cookie
7:27 PM: Quarantining All Traces: advertising cookie
7:27 PM: Quarantining All Traces: atlas dmt cookie
7:27 PM: Quarantining All Traces: belnk cookie
7:27 PM: Quarantining All Traces: mediaplex cookie
7:27 PM: Quarantining All Traces: nextag cookie
7:27 PM: Quarantining All Traces: overture cookie
7:27 PM: Quarantining All Traces: pointroll cookie
7:27 PM: Quarantining All Traces: questionmarket cookie
7:27 PM: Quarantining All Traces: revenue.net cookie
7:27 PM: Quarantining All Traces: servedby advertising cookie
7:27 PM: Quarantining All Traces: serving-sys cookie
7:27 PM: Quarantining All Traces: targetnet cookie
7:27 PM: Quarantining All Traces: trafficmp cookie
7:27 PM: Quarantining All Traces: yieldmanager cookie
7:27 PM: Quarantining All Traces: zedo cookie
7:27 PM: Removal process completed. Elapsed time 00:00:10
7:33 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:35 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:35 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:35 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:36 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:36 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:36 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:37 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:37 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:37 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:37 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:38 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:38 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:38 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:39 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:39 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:39 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:40 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:54 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
7:54 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:54 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:54 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:55 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
7:59 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:00 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:13 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:14 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:15 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:16 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:16 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:16 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:18 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:21 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:24 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:25 PM: IE Tracking Cookies Shield: Removed atlas dmt cookie
8:26 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
8:26 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
8:26 PM: IE Tracking Cookies Shield: Removed fastclick cookie
8:27 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
8:27 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
8:27 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
8:27 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
8:28 PM: IE Tracking Cookies Shield: Removed adjuggler cookie
8:28 PM: IE Tracking Cookies Shield: Removed adjuggler cookie
8:28 PM: IE Tracking Cookies Shield: Removed adjuggler cookie
8:29 PM: IE Tracking Cookies Shield: Removed atlas dmt cookie
8:29 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:16 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:58 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
9:58 PM: IE Tracking Cookies Shield: Removed belnk cookie
9:58 PM: IE Tracking Cookies Shield: Removed belnk cookie
9:58 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
9:58 PM: IE Tracking Cookies Shield: Removed belnk cookie
9:58 PM: IE Tracking Cookies Shield: Removed belnk cookie
9:59 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
9:59 PM: IE Tracking Cookies Shield: Removed belnk cookie
9:59 PM: IE Tracking Cookies Shield: Removed belnk cookie
9:59 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
9:59 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
9:59 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
9:59 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
9:59 PM: IE Tracking Cookies Shield: Removed zedo cookie
9:59 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
9:59 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
9:59 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
9:59 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:00 PM: IE Tracking Cookies Shield: Removed zedo cookie
10:00 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:00 PM: IE Tracking Cookies Shield: Removed valuead cookie
10:00 PM: IE Tracking Cookies Shield: Removed valuead cookie
10:02 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:03 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:04 PM: IE Tracking Cookies Shield: Removed valuead cookie
10:04 PM: IE Tracking Cookies Shield: Removed valuead cookie
10:04 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:04 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
10:04 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:04 PM: IE Tracking Cookies Shield: Removed advertising cookie
10:04 PM: IE Tracking Cookies Shield: Removed zedo cookie
10:04 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:04 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:04 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:04 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:04 PM: IE Tracking Cookies Shield: Removed zedo cookie
10:04 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
10:04 PM: IE Tracking Cookies Shield: Removed advertising cookie
10:04 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
10:05 PM: IE Tracking Cookies Shield: Removed advertising cookie
10:05 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
10:05 PM: IE Tracking Cookies Shield: Removed revenue.net cookie
10:05 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:05 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:06 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:06 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:07 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:07 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:07 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:07 PM: IE Tracking Cookies Shield: Removed zedo cookie
10:08 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:08 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:08 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:08 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:08 PM: IE Tracking Cookies Shield: Removed zedo cookie
10:08 PM: IE Tracking Cookies Shield: Removed valuead cookie
10:08 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:08 PM: IE Tracking Cookies Shield: Removed valuead cookie
10:08 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:08 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:08 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:08 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:09 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:09 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:09 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:09 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:09 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:09 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:09 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:10 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:10 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:10 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:11 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:12 PM: IE Tracking Cookies Shield: Removed valuead cookie
10:12 PM: IE Tracking Cookies Shield: Removed valuead cookie
10:12 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
10:14 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:26 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:26 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:26 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:28 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:29 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:31 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:31 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:32 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:34 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:34 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:34 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:40 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:40 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:43 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:44 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:44 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:44 AM: IE Tracking Cookies Shield: Removed pointroll cookie
4:44 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:45 AM: IE Security Shield: found: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE -- IE Security modification denied
4:46 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:46 AM: IE Security Shield: found: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE -- IE Security modification denied
4:46 AM: | End of Session, Thursday, February 23, 2006 |
********
7:09 PM: | Start of Session, Wednesday, February 22, 2006 |
7:09 PM: Spy Sweeper started
7:09 PM: Your spyware definitions have been updated.
7:10 PM: | End of Session, Wednesday, February 22, 2006 |

#7 LDTate


Posted 01 March 2006 - 04:37 PM

I suggest you do this:

You need to disable SpySweeper because it can stop our fix.

Open it, click >Options over to the left, then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)


Close ALL windows and browsers except HijackThis and click "Fix checked"


Download this file from the link to your desktop.
http://www.mvps.org/.../DelDomains.inf

Click "Save" and save it to your desktop.

Right-click on the deldomains.inf file and select 'install'


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

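The HijackThis entries discussed in this thread can be triaged mechanically before a human reads them. The following is an added example, not part of the original posts and not HijackThis's own code: it parses log lines, labels the section codes seen on this page, and queues entries that HijackThis itself marked "(no file)" or "(file missing)", plus entries whose URL the forum truncated with "...". The function names and the short section labels are assumptions made for the example; the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict

# Short labels for the HijackThis 1.99.x section codes that appear in this
# thread (labels are this example's own summary, not tool output).
SECTION_NAMES = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart entry",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O18": "Extra protocol handler",
    "O20": "Winlogon Notify / AppInit_DLLs",
}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# The forum software shortens long URLs with "..."; the real value is lost.
TRUNCATED_URL_RE = re.compile(r"https?://\S*\.\.\.\S*")


def parse_log(text):
    """Return one dict per HijackThis entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "section": SECTION_NAMES.get(code, "unknown section"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(body)),
            "truncated_url": bool(TRUNCATED_URL_RE.search(body)),
        })
    return entries


def review_queue(entries):
    """Group entries by the reason an analyst should look at them first.

    A flag means "check this by hand", not "this is malicious".
    """
    queue = defaultdict(list)
    for entry in entries:
        if entry["orphaned"]:
            queue["orphaned"].append(entry)
        if entry["truncated_url"]:
            queue["truncated_url"].append(entry)
        if entry["section"] == "unknown section":
            queue["unknown_section"].append(entry)
    return dict(queue)


# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

if __name__ == "__main__":
    for reason, items in review_queue(parse_log(SAMPLE_LOG)).items():
        print(reason)
        for item in items:
            print("  ", item["code"], item["section"], item["clsid"] or "")
```
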

 


#8 shayray


Posted 02 March 2006 - 02:31 AM

Sorry, still no change. Thanks for taking out your time to help me out. Here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 5:28:48 PM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\SYSTEM32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\Icons\SetIcon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116931611046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136723482484
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\SYSTEM32\IoctlSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
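A log of this length is easier to triage with a small parser. The following is an added example, not part of the original post or of HijackThis itself: it splits entries by section code and queues the ones the tool itself annotated with `(file missing)` or an unresolved `= ?` target. The function names are hypothetical, and the sample is a handful of lines copied from the log above.

```python
import re
from collections import Counter

# Constructed sample: a few entries copied from the log above, plus one junk line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
not a log line
"""

# Section codes are one letter plus one or two digits (O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Return one dict per entry line; headers and junk lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        notes = []
        if body.endswith("(file missing)"):
            notes.append("file missing")            # annotation written by the tool
        if body.endswith("= ?"):
            notes.append("unresolved shortcut target")
        clsid = CLSID_RE.search(body)
        entries.append({"section": m.group("section"), "body": body,
                        "clsid": clsid.group(0) if clsid else None,
                        "notes": notes})
    return entries

def review_queue(entries):
    """Entries carrying a tool annotation; these get looked at first."""
    return [e for e in entries if e["notes"]]

def count_by_section(entries):
    """Number of entries per section code, e.g. {'O4': 2, 'O23': 1}."""
    return Counter(e["section"] for e in entries)

if __name__ == "__main__":
    for e in review_queue(parse_log(SAMPLE_LOG)):
        print(e["section"], ", ".join(e["notes"]), "|", e["body"])
```

An annotation only means the referenced file or target could not be resolved at scan time; it marks the entry for manual review rather than classifying it.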

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 02 March 2006 - 04:19 PM

No change. Still can not access websites.

Did this happen after installing Windows Defender?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#10 shayray

shayray

    Authentic Member

  • Authentic Member
  • 20 posts

Posted 02 March 2006 - 08:37 PM

No, this happened before I installed Windows Defender. Not being able to access the websites was the reason I installed Windows Defender and Spy Sweeper.


#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 02 March 2006 - 08:41 PM

See if they are in your restricted zones. With IE open: Tools > Internet Options > Security > Restricted Sites


#12 shayray

shayray

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 03 March 2006 - 12:28 AM

There are no sites listed in the restricted sites. Should I uninstall Windows Defender or any of the other spyware programs? Or should I reinstall IE?

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 March 2006 - 03:38 PM

Let's try this:

Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files", click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply, then OK.


#14 shayray

shayray

    Authentic Member

  • Authentic Member
  • 20 posts

Posted 03 March 2006 - 06:08 PM

No change, still cannot access stripes.com, legacy.com, hotmail.com, etc. When I try to open MSN Messenger, this is the error I receive: "Failed to connect to the service. This could be due to improper proxy or firewall settings. Please review your proxy and firewall settings. Proxy setting can be accessed through MSN Messenger Options. For Firewall settings, please see the retailer's instructions."

Edited by shayray, 03 March 2006 - 06:27 PM.


#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 March 2006 - 06:48 PM

The firewall you're using is Symantec Client Firewall. Look at the Security settings in there. You could also check the Symantec web site and see if you can find any answers there.
