Wasted 2 Days Already
#61
Posted 07 June 2006 - 03:55 PM
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#62
Posted 07 June 2006 - 04:10 PM
Logfile of HijackThis v1.99.1
Scan saved at 4:44:44 PM, on 6/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\kdx\KHost.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\S3tray2.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Spyware Stuff\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120564985247
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp...her/MotUtil.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.suppo...ts/SysQuery.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
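A triage pass over a HijackThis log like the one in the post above, as an added example that is not part of the original thread. It parses the running-process list and the numbered entries, then flags services shown with "Unknown owner", entries marked "(file missing)", and well-known Windows binaries running from an unexpected directory. The expected-directory table, the finding labels and the one constructed process line are assumptions of this sketch; a flag marks an item to review, not a verdict.

```python
import ntpath
import re

# "O23 - Service: ..." / "R1 - HKCU\..." style entries: section code, then body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption of this example: usual home directory of common Windows XP
# system binaries (lower-cased, the form ntpath.normcase produces).
EXPECTED_DIR = {name: r"c:\windows\system32" for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "wuauclt.exe", "ctfmon.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Lines copied from the log in the post above, plus one constructed line.
SAMPLE_LINES = [
    "Running processes:",
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\kdx\KHost.exe",
    r"C:\WINDOWS\System32\wuauclt.exe",
    r"C:\WINDOWS\Temp\svchost.exe",  # constructed, NOT in the post
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com",
    r"O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe",
    r'O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)',
    r"O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe",
    r"O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe",
    r"O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe",
]


def parse_hjt(text):
    """Split a HijackThis log into (process paths, [(section, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (label, original line content) pairs worth a manual look."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        # ntpath handles Windows paths correctly on any host OS.
        directory, name = ntpath.split(ntpath.normcase(path))
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            findings.append(("misplaced-system-binary", path))
    for code, body in entries:
        if body.endswith("(file missing)"):
            findings.append(("file-missing", body))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(("service-unknown-owner", body))
    return findings


if __name__ == "__main__":
    for label, detail in triage("\n".join(SAMPLE_LINES)):
        print(f"{label:26} {detail}")
```

Processes that sit in their usual directory, such as the System32 copy of wuauclt.exe, produce no finding; only the constructed Temp copy of svchost.exe does.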
#63
Posted 07 June 2006 - 04:13 PM
Edited by MLL, 07 June 2006 - 04:20 PM.
#64
Posted 07 June 2006 - 04:20 PM
C:\WINDOWS\System32\wuauclt.exe
Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
#65
Posted 07 June 2006 - 04:34 PM
#66
Posted 07 June 2006 - 04:37 PM
wuauclt1.exe is the Windows Update AutoUpdate Client, which runs in the background to check with the Microsoft website for updates to the operating system. This file is located in the "%WinDir%\System32" directory. If you find this file in a directory other than System32, you should beware that it is a virus or spyware.
Click HERE to download DllCompare. Start the Program with and click the Run Locate.com - be sure the \Windows\System32 directory is in the box and wait until the blue text says it has 'completed the scan'.
Click the Compare button to start the next process. The results appear in two panes - files in the upper pane have been verified to 'exist', files in the lower pane were 'not able to be accessed'. Very few files should be listed in the lower pane when the Compare scan is complete. Click on each of the listed entries in the lower pane to select them. Right-click on the file and use the option Rescan. This will cause Windows Find to see if the file does exist, and then if so it will be removed from the list to reduce the number of identified files.
Click the Make a Log of what was found button and post the log here in this thread and wait for further instructions.
#67
Posted 07 June 2006 - 04:57 PM
Edited by MLL, 07 June 2006 - 04:58 PM.
#68
Posted 07 June 2006 - 05:02 PM
#69
Posted 07 June 2006 - 05:06 PM
Launch ewido and update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Note: This can take several minutes to load Safe Mode.
Then please run Ewido, click on the Scanner, and run a full scan.
Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
- Click on Scanner
- Click on Settings
- Under How to scan all boxes should be checked
- Under Unwanted Software all boxes should be checked
- Under What to scan select Scan every file
- Click on Ok
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
- Click Save Report button
- Save the report to your Desktop
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
#70
Posted 07 June 2006 - 05:13 PM
#71
Posted 07 June 2006 - 05:19 PM
#72
Posted 07 June 2006 - 05:20 PM
I'm sure they're coming through IE.
#73
Posted 07 June 2006 - 05:23 PM
#74
Posted 07 June 2006 - 05:25 PM
********
7:04 AM: | Start of Session, Wednesday, June 07, 2006 |
7:04 AM: Spy Sweeper started
7:04 AM: Sweep initiated using definitions version 693
7:04 AM: Starting Memory Sweep
7:05 AM: Memory Sweep Complete, Elapsed Time: 00:01:36
7:05 AM: Starting Registry Sweep
7:06 AM: Registry Sweep Complete, Elapsed Time:00:00:19
7:06 AM: Starting Cookie Sweep
7:06 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:06 AM: Starting File Sweep
7:11 AM: Found Adware: fullcontext
7:11 AM: srvvqyafkm.exe (ID = 303274)
7:33 AM: File Sweep Complete, Elapsed Time: 00:26:46
7:33 AM: Full Sweep has completed. Elapsed time 00:28:51
7:33 AM: Traces Found: 1
7:47 AM: Removal process initiated
7:47 AM: Quarantining All Traces: fullcontext
7:47 AM: Removal process completed. Elapsed time 00:00:08
********
10:16 PM: | Start of Session, Tuesday, June 06, 2006 |
10:16 PM: Spy Sweeper started
10:16 PM: Sweep initiated using definitions version 693
10:16 PM: Starting Memory Sweep
10:20 PM: Sweep Canceled
10:20 PM: Memory Sweep Complete, Elapsed Time: 00:04:06
10:20 PM: Traces Found: 0
11:14 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
11:14 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
11:14 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
11:14 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
********
10:13 PM: | Start of Session, Monday, June 05, 2006 |
10:13 PM: Spy Sweeper started
10:13 PM: Sweep initiated using definitions version 691
10:13 PM: Starting Memory Sweep
10:15 PM: Memory Sweep Complete, Elapsed Time: 00:01:02
10:15 PM: Starting Registry Sweep
10:15 PM: Registry Sweep Complete, Elapsed Time:00:00:15
10:15 PM: Starting Cookie Sweep
10:15 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:15 PM: Starting File Sweep
10:16 PM: Found Trojan Horse: trojan downloader matcash
10:16 PM: a0026882.exe (ID = 294587)
10:16 PM: Found Adware: visfx
10:16 PM: a0027293.exe (ID = 244295)
10:16 PM: Found Adware: enbrowser
10:16 PM: a0025729.exe (ID = 270029)
10:16 PM: Found Adware: clkoptimizer
10:16 PM: a0025730.exe (ID = 271215)
10:16 PM: Found Adware: surfsidekick
10:16 PM: a0026743.dll (ID = 302237)
10:16 PM: Found Adware: dollarrevenue
10:16 PM: a0026885.exe (ID = 302233)
10:16 PM: Found Trojan Horse: trojan-downloader-ac2
10:16 PM: a0026888.dll (ID = 276222)
10:16 PM: a0026889.dll (ID = 276222)
10:16 PM: Found Adware: zenosearchassistant
10:16 PM: a0026891.exe (ID = 293)
10:16 PM: Found Adware: purityscan
10:16 PM: a0027224.exe (ID = 296574)
10:16 PM: a0027233.exe (ID = 302231)
10:16 PM: a0027234.exe (ID = 302232)
10:16 PM: a0027235.exe (ID = 302233)
10:16 PM: a0027241.exe (ID = 244277)
10:16 PM: a0027276.exe (ID = 293)
10:16 PM: a0027287.exe (ID = 301896)
10:20 PM: a0027294.exe (ID = 270029)
10:20 PM: a0027299.exe (ID = 300281)
10:41 PM: File Sweep Complete, Elapsed Time: 00:26:32
10:41 PM: Full Sweep has completed. Elapsed time 00:27:58
10:41 PM: Traces Found: 18
10:52 PM: Removal process initiated
10:52 PM: Quarantining All Traces: clkoptimizer
10:52 PM: Quarantining All Traces: purityscan
10:52 PM: Quarantining All Traces: trojan downloader matcash
10:52 PM: Quarantining All Traces: visfx
10:52 PM: Quarantining All Traces: dollarrevenue
10:52 PM: Quarantining All Traces: enbrowser
10:52 PM: Quarantining All Traces: surfsidekick
10:52 PM: Quarantining All Traces: trojan-downloader-ac2
10:52 PM: Quarantining All Traces: zenosearchassistant
10:52 PM: Removal process completed. Elapsed time 00:00:07
10:53 PM: Deletion from quarantine initiated
10:53 PM: Processing: apropos
10:53 PM: Processing: clkoptimizer
10:53 PM: Processing: command
10:53 PM: Processing: coolwebsearch (cws)
10:53 PM: Processing: cws_ns3
10:53 PM: Processing: cws-aboutblank
10:53 PM: Processing: directrevenue-abetterinternet
10:53 PM: Processing: dollarrevenue
10:53 PM: Processing: enbrowser
10:53 PM: Processing: java byteverify
10:53 PM: Processing: linkmaker
10:53 PM: Processing: marketscore
10:53 PM: Processing: purityscan
10:53 PM: Processing: screensavers
10:53 PM: Processing: surfsidekick
10:53 PM: Processing: targetsaver
10:53 PM: Processing: trojan downloader matcash
10:53 PM: Processing: trojan-downloader-ac2
10:53 PM: Processing: trojan-dropper-agenthl
10:53 PM: Processing: visfx
10:53 PM: Processing: zenosearchassistant
10:53 PM: Deletion from quarantine completed. Elapsed time 00:00:01
4:03 PM: Your spyware definitions have been updated.
4:04 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
4:04 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
9:31 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
9:31 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
9:31 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
9:31 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:04 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:04 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:04 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:04 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:16 PM: | End of Session, Tuesday, June 06, 2006 |
********
10:12 PM: | Start of Session, Monday, June 05, 2006 |
10:12 PM: Spy Sweeper started
10:12 PM: Sweep initiated using definitions version 691
10:12 PM: Starting Memory Sweep
10:13 PM: Sweep Canceled
10:13 PM: Memory Sweep Complete, Elapsed Time: 00:00:47
10:13 PM: Traces Found: 0
10:13 PM: | End of Session, Monday, June 05, 2006 |
********
10:00 PM: | Start of Session, Monday, June 05, 2006 |
10:00 PM: Spy Sweeper started
10:00 PM: Sweep initiated using definitions version 691
10:00 PM: Starting Memory Sweep
10:01 PM: Sweep Canceled
10:01 PM: Memory Sweep Complete, Elapsed Time: 00:00:23
10:01 PM: Traces Found: 0
********
2:11 PM: | Start of Session, Monday, June 05, 2006 |
2:11 PM: Spy Sweeper started
2:11 PM: Sweep initiated using definitions version 691
2:11 PM: Starting Memory Sweep
2:14 PM: Memory Sweep Complete, Elapsed Time: 00:03:07
2:14 PM: Starting Registry Sweep
2:14 PM: Found Adware: apropos
2:14 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
2:14 PM: Found Adware: coolwebsearch (cws)
2:14 PM: HKCR\clsid\{6ee714d9-32a7-986a-b54e-a994f454edd3}\ (2 subtraces) (ID = 107303)
2:14 PM: HKLM\software\classes\clsid\{6ee714d9-32a7-986a-b54e-a994f454edd3}\ (2 subtraces) (ID = 108691)
2:14 PM: Found Adware: cws-aboutblank
2:14 PM: HKCR\clsid\{8f6c5de9-fddf-569a-0a0f-fef0e3957f0f}\ (2 subtraces) (ID = 113181)
2:14 PM: HKLM\software\classes\clsid\{8f6c5de9-fddf-569a-0a0f-fef0e3957f0f}\ (2 subtraces) (ID = 114762)
2:14 PM: Found Adware: cws_ns3
2:14 PM: HKCR\clsid\{30d83f56-da50-b817-ef00-1deb557b32f8}\ (2 subtraces) (ID = 118125)
2:14 PM: HKCR\clsid\{8669abb2-7410-3460-f449-e119dca24cc4}\ (4 subtraces) (ID = 118546)
2:14 PM: HKLM\software\classes\clsid\{30d83f56-da50-b817-ef00-1deb557b32f8}\ (2 subtraces) (ID = 119994)
2:14 PM: HKLM\software\classes\clsid\{8669abb2-7410-3460-f449-e119dca24cc4}\ (4 subtraces) (ID = 120392)
2:14 PM: Found Adware: purityscan
2:14 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.1\mediaticketsinstaller.ocx (ID = 139075)
2:14 PM: Found Adware: screensavers
2:14 PM: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
2:14 PM: Found Adware: enbrowser
2:14 PM: HKLM\software\system\sysold\ (2 subtraces) (ID = 926808)
2:14 PM: Found Adware: command
2:14 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
2:14 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
2:14 PM: Found Adware: marketscore
2:14 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{2cbd1bb3-9ac7-4d7f-9023-8a3e8dfb841a}\ (12 subtraces) (ID = 1141383)
2:14 PM: Found Adware: linkmaker
2:14 PM: HKCR\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180460)
2:14 PM: HKCR\fseytdc.yvakt\ (3 subtraces) (ID = 1180468)
2:14 PM: HKLM\software\classes\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180510)
2:14 PM: HKLM\software\classes\fseytdc.yvakt\ (3 subtraces) (ID = 1180518)
2:14 PM: HKU\S-1-5-21-3151056399-85685617-3384630467-1003\software\system\sysuid\ (1 subtraces) (ID = 731748)
2:14 PM: Registry Sweep Complete, Elapsed Time:00:00:15
2:14 PM: Starting Cookie Sweep
2:14 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:14 PM: Starting File Sweep
2:19 PM: Found Trojan Horse: trojan-dropper-agenthl
2:19 PM: vsl03.exe (ID = 297448)
2:19 PM: vsl05.exe (ID = 299775)
2:21 PM: pf78.exe (ID = 244430)
2:22 PM: jiub5f27y.hhy (ID = 276229)
2:27 PM: Found Adware: targetsaver
2:27 PM: class-barrel (ID = 78229)
2:32 PM: vocabulary (ID = 78283)
2:41 PM: Found Adware: directrevenue-abetterinternet
2:41 PM: belt.inf (ID = 83154)
2:41 PM: backup-20060605-101804-258.inf (ID = 74756)
2:41 PM: Found Adware: java byteverify
2:41 PM: classload.jar-1f8050ce-6aa381c3.zip (ID = 64823)
2:42 PM: File Sweep Complete, Elapsed Time: 00:27:33
2:42 PM: Full Sweep has completed. Elapsed time 00:31:01
2:42 PM: Traces Found: 106
2:43 PM: Removal process initiated
2:43 PM: Quarantining All Traces: cws_ns3
2:43 PM: Quarantining All Traces: cws-aboutblank
2:43 PM: Quarantining All Traces: directrevenue-abetterinternet
2:43 PM: Quarantining All Traces: purityscan
2:43 PM: Quarantining All Traces: apropos
2:43 PM: Quarantining All Traces: coolwebsearch (cws)
2:43 PM: Quarantining All Traces: enbrowser
2:43 PM: Quarantining All Traces: linkmaker
2:43 PM: Quarantining All Traces: marketscore
2:43 PM: Quarantining All Traces: trojan-dropper-agenthl
2:43 PM: Quarantining All Traces: command
2:43 PM: Quarantining All Traces: java byteverify
2:43 PM: Quarantining All Traces: screensavers
2:43 PM: Quarantining All Traces: targetsaver
2:44 PM: Removal process completed. Elapsed time 00:01:01
3:00 PM: The Spy Communication shield has blocked access to: paypopup.com
3:00 PM: The Spy Communication shield has blocked access to: paypopup.com
3:00 PM: The Spy Communication shield has blocked access to: paypopup.com
3:00 PM: The Spy Communication shield has blocked access to: paypopup.com
3:01 PM: The Spy Communication shield has blocked access to: paypopup.com
3:01 PM: The Spy Communication shield has blocked access to: paypopup.com
3:01 PM: The Spy Communication shield has blocked access to: paypopup.com
3:01 PM: The Spy Communication shield has blocked access to: paypopup.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:35 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
3:35 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
3:35 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
3:35 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
4:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
4:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
4:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:44 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:44 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:44 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:44 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:07 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:07 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:07 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:07 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:18 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:18 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:18 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:18 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:30 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:30 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:30 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:30 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
********
2:08 PM: | Start of Session, Monday, June 05, 2006 |
2:08 PM: Spy Sweeper started
2:10 PM: Your spyware definitions have been updated.
2:11 PM: | End of Session, Monday, June 05, 2006 |
******
I deleted everything quarantined!
Edited by MLL, 07 June 2006 - 05:27 PM.
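A parser for a Spy Sweeper session log like the one in the post above, as an added example that is not part of the original thread. It lists the families reported in each session, reports families that show up again in a later session after an earlier quarantine, and totals the hosts blocked by the communication shield. The function names and the abridged sample are assumptions of this sketch; it also assumes the newest session comes first, as in the post.

```python
import re
from collections import Counter

LINE_RE = re.compile(r"^(\d{1,2}:\d{2} [AP]M): (.*)$")
START_RE = re.compile(r"^\| Start of Session, (.+?) \|$")
FOUND_RE = re.compile(r"^Found (Adware|Trojan Horse): (.+)$")
BLOCK_RE = re.compile(r"blocked access to: (\S+)$")

# Abridged from the log in the post above (lines copied, most omitted).
SAMPLE_LOG = r"""********
7:04 AM: | Start of Session, Wednesday, June 07, 2006 |
7:04 AM: Sweep initiated using definitions version 693
7:11 AM: Found Adware: fullcontext
7:11 AM: srvvqyafkm.exe (ID = 303274)
7:33 AM: Traces Found: 1
********
10:13 PM: | Start of Session, Monday, June 05, 2006 |
10:16 PM: Found Trojan Horse: trojan downloader matcash
10:16 PM: a0026882.exe (ID = 294587)
10:16 PM: Found Adware: enbrowser
10:16 PM: a0025729.exe (ID = 270029)
10:16 PM: Found Adware: purityscan
10:16 PM: a0027224.exe (ID = 296574)
9:31 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
9:31 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
********
2:11 PM: | Start of Session, Monday, June 05, 2006 |
2:14 PM: Found Adware: purityscan
2:14 PM: Found Adware: enbrowser
2:14 PM: HKLM\software\system\sysold\ (2 subtraces) (ID = 926808)
3:00 PM: The Spy Communication shield has blocked access to: paypopup.com
3:00 PM: The Spy Communication shield has blocked access to: paypopup.com
3:35 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
"""


def parse_sessions(text):
    """Return one dict per session, in the order the log lists them."""
    sessions, current = [], None
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # "********" separators and free text
        clock, msg = match.groups()
        start = START_RE.match(msg)
        if start:
            current = {"start": f"{start.group(1)} {clock}",
                       "families": [], "blocked": Counter()}
            sessions.append(current)
            continue
        if current is None:
            continue
        # Trace lines are not attributed to the preceding "Found" header:
        # in the post's log the same trace ID (e.g. 302233) appears under
        # two different headers, so only the family names are recorded.
        found = FOUND_RE.match(msg)
        if found and found.group(2) not in current["families"]:
            current["families"].append(found.group(2))
        blocked = BLOCK_RE.search(msg)
        if blocked:
            current["blocked"][blocked.group(1)] += 1
    return sessions


def recurring_families(sessions):
    """Families reported in more than one session, oldest session first."""
    seen = {}
    for session in reversed(sessions):  # log is newest-first
        for name in session["families"]:
            seen.setdefault(name, []).append(session["start"])
    return {n: s for n, s in sorted(seen.items()) if len(s) > 1}


def blocked_totals(sessions):
    """Total shield blocks per host across all sessions."""
    total = Counter()
    for session in sessions:
        total.update(session["blocked"])
    return total


if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE_LOG)
    print(recurring_families(parsed))
    print(blocked_totals(parsed).most_common())
```

A family that reappears in a later session after an earlier quarantine, or a host the shield keeps blocking after a clean sweep, suggests something is still reinstalling or calling out.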
#75
Posted 07 June 2006 - 05:46 PM
Kaspersky WebScanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Anti-Virus Web Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information from Kaspersky in your next post.