
Weird Spyware Problem?



#1 Veritas


Posted 19 November 2005 - 10:09 PM

Need some help once again guys. I've got some weird thing going on that takes over the IE browser window, few other misc. stuff floating around. Here's my log file...

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\hijaack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\pmkhi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...ab?978322605109
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Any help would be much appreciated. Thanks a bunch!



#2 -David-


Posted 20 November 2005 - 06:30 AM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David

#3 Veritas


Posted 20 November 2005 - 07:07 PM

Alrighty, here goes...

********
6:34 PM: | Start of Session, Sunday, November 20, 2005 |
6:34 PM: Spy Sweeper started
6:34 PM: Sweep initiated using definitions version 575
6:34 PM: Starting Memory Sweep
6:35 PM: Found Adware: virtumonde
6:35 PM: Detected running threat: C:\WINDOWS\system32\pmkhi.dll (ID = 77)
6:36 PM: Memory Sweep Complete, Elapsed Time: 00:02:01
6:36 PM: Starting Registry Sweep
6:36 PM: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
6:36 PM: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
6:36 PM: HKCR\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (12 subtraces) (ID = 749140)
6:36 PM: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
6:36 PM: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
6:36 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (ID = 749160)
6:36 PM: HKLM\software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (12 subtraces) (ID = 749166)
6:36 PM: HKLM\software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\progid\ (1 subtraces) (ID = 749172)
6:36 PM: Registry Sweep Complete, Elapsed Time:00:00:11
6:36 PM: Starting Cookie Sweep
6:36 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
6:36 PM: Starting File Sweep
6:45 PM: File Sweep Complete, Elapsed Time: 00:08:12
6:45 PM: Full Sweep has completed. Elapsed time 00:10:33
6:45 PM: Traces Found: 178
6:59 PM: Removal process initiated
7:00 PM: Quarantining All Traces: virtumonde
7:00 PM: virtumonde is in use. It will be removed on reboot.
7:00 PM: C:\WINDOWS\system32\pmkhi.dll is in use. It will be removed on reboot.
7:01 PM: Preparing to restart your computer. Please wait...
7:01 PM: Removal process completed. Elapsed time 00:01:14
********
6:32 PM: | Start of Session, Sunday, November 20, 2005 |
6:32 PM: Spy Sweeper started
6:34 PM: Your spyware definitions have been updated.
6:34 PM: | End of Session, Sunday, November 20, 2005 |


huzzah? lemme know, thanks a bunch
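
Both logs in this thread name the same DLL and CLSID. As an added example (not part of the original posts or of either tool), the Python below cross-references the Spy Sweeper detections against HijackThis entries, which is the check a follow-up HijackThis log makes possible after the reboot. The sample lines are copied from the logs above, `HJT_AFTER` is a constructed post-reboot log, and all function names are hypothetical.

```python
import re

# Sample lines copied from the two logs posted in this thread.
HJT_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\pmkhi.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
"""
SWEEP_LOG = r"""
6:35 PM: Found Adware: virtumonde
6:35 PM: Detected running threat: C:\WINDOWS\system32\pmkhi.dll (ID = 77)
6:36 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (ID = 749160)
6:36 PM: Starting Cookie Sweep
6:45 PM: Traces Found: 178
7:00 PM: C:\WINDOWS\system32\pmkhi.dll is in use. It will be removed on reboot.
"""
# Constructed (hypothetical) post-reboot log: the same entries minus the flagged ones.
HJT_AFTER = "\n".join(l for l in HJT_BEFORE.splitlines() if "pmkhi" not in l.lower())

HJT_LINE = re.compile(r"^([A-Z]\d+) - (.+)$")
SWEEP_LINE = re.compile(r"^\d{1,2}:\d{2} [AP]M: (.+)$")
RUNNING = re.compile(r"^Detected running threat: (.+?) \(ID = \d+\)$")
PENDING = re.compile(r"^([A-Za-z]:\\.+?) is in use\. It will be removed on reboot\.$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REG_ROOTS = ("HKLM\\", "HKCR\\", "HKCU\\")


def parse_hjt(text):
    """Return (section, body) pairs, e.g. ("O2", "BHO: ..."), from a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def sweep_indicators(text):
    """Collect the file paths and CLSIDs the scanner tied to a detection (lowercased)."""
    files, clsids, pending = set(), set(), set()
    for line in text.splitlines():
        m = SWEEP_LINE.match(line.strip())
        if not m:
            continue
        msg = m.group(1)
        running, locked = RUNNING.match(msg), PENDING.match(msg)
        if running:
            files.add(running.group(1).lower())
        elif locked:  # file was locked, so removal is deferred to the next boot
            files.add(locked.group(1).lower())
            pending.add(locked.group(1).lower())
        elif msg.upper().startswith(REG_ROOTS):
            clsids.update(c.lower() for c in CLSID.findall(msg))
    return {"files": files, "clsids": clsids, "pending_reboot": pending}


def flagged_entries(hjt_text, sweep_text):
    """HijackThis entries that reference a file or CLSID the scanner detected."""
    ind = sweep_indicators(sweep_text)
    hits = []
    for section, body in parse_hjt(hjt_text):
        low = body.lower()
        reasons = sorted(i for i in ind["files"] | ind["clsids"] if i in low)
        if reasons:
            hits.append((section, body, reasons))
    return hits


if __name__ == "__main__":
    for label, log in (("before", HJT_BEFORE), ("after reboot", HJT_AFTER)):
        hits = flagged_entries(log, SWEEP_LOG)
        print(label, "->", [(s, r) for s, _, r in hits] or "no flagged entries remain")
```

A file listed under `pending_reboot` was still loaded when the scanner ran, so only a log taken after the restart can show whether its O2 and O20 entries are gone.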

#4 -David-


Posted 21 November 2005 - 11:37 AM

Can I have a new HijackThis log, please?
David



