Adclicker Trojan


3 replies to this topic

#1 joelc

  • Members
  • 2 posts

Posted 15 January 2006 - 08:11 PM

I have run Ad-Aware, Spybot and Stinger but have been unable to remove the Adclicker trojan. I have Norton Anti-Virus, which keeps popping up that I have the Adclicker trojan. Thanks for your help!


Logfile of HijackThis v1.99.1
Scan saved at 8:08:40 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\nprotect32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ie-autoconf.uchicago.edu/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3A53A3A4-3306-4293-86D3-FA7CACE1B038} (WebMon Class) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\system32\nprotect32.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe


#2 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 21 January 2006 - 09:37 AM

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 joelc
  • Topic Starter

  • Members
  • 2 posts

Posted 22 January 2006 - 06:28 PM

Thanks so much for your help! I am posting the SpySweeper log and a new HijackThis log.

********
2:00 PM: | Start of Session, Sunday, January 22, 2006 |
2:00 PM: Spy Sweeper started
2:00 PM: Sweep initiated using definitions version 604
2:00 PM: Starting Memory Sweep
2:06 PM: Memory Sweep Complete, Elapsed Time: 00:05:29
2:06 PM: Starting Registry Sweep
2:06 PM: Registry Sweep Complete, Elapsed Time:00:00:32
2:06 PM: Starting Cookie Sweep
2:06 PM: Found Spy Cookie: 2o7.net cookie
2:06 PM: jcohen2@2o7[1].txt (ID = 1957)
2:06 PM: Found Spy Cookie: 64.62.232 cookie
2:06 PM: jcohen2@64.62.232[2].txt (ID = 1987)
2:06 PM: jcohen2@64.62.232[3].txt (ID = 1987)
2:06 PM: jcohen2@64.62.232[4].txt (ID = 1987)
2:06 PM: Found Spy Cookie: go.com cookie
2:06 PM: jcohen2@abcnews.go[1].txt (ID = 2729)
2:06 PM: Found Spy Cookie: abetterinternet cookie
2:06 PM: jcohen2@abetterinternet[1].txt (ID = 2035)
2:06 PM: Found Spy Cookie: about cookie
2:06 PM: jcohen2@about[1].txt (ID = 2037)
2:06 PM: Found Spy Cookie: adorigin cookie
2:06 PM: jcohen2@adorigin[1].txt (ID = 2082)
2:06 PM: Found Spy Cookie: gorillanation cookie
2:06 PM: jcohen2@ads.gorillanation[1].txt (ID = 2744)
2:06 PM: Found Spy Cookie: specificclick.com cookie
2:06 PM: jcohen2@ads.specificclick[2].txt (ID = 3400)
2:06 PM: Found Spy Cookie: ads.trafficvenue.net cookie
2:06 PM: jcohen2@ads.trafficvenue[1].txt (ID = 2131)
2:06 PM: Found Spy Cookie: atwola cookie
2:06 PM: jcohen2@atwola[1].txt (ID = 2255)
2:06 PM: Found Spy Cookie: gostats cookie
2:06 PM: jcohen2@c2.gostats[2].txt (ID = 2748)
2:06 PM: Found Spy Cookie: counter cookie
2:06 PM: jcohen2@counter[1].txt (ID = 2477)
2:06 PM: Found Spy Cookie: dealtime cookie
2:06 PM: jcohen2@dealtime[2].txt (ID = 2505)
2:06 PM: Found Spy Cookie: emode cookie
2:06 PM: jcohen2@emode[2].txt (ID = 2603)
2:06 PM: jcohen2@espn.go[1].txt (ID = 2729)
2:06 PM: jcohen2@gomailus.go[1].txt (ID = 2729)
2:06 PM: jcohen2@gostats[1].txt (ID = 2747)
2:06 PM: jcohen2@go[2].txt (ID = 2728)
2:06 PM: jcohen2@jobsearch.about[2].txt (ID = 2038)
2:06 PM: Found Spy Cookie: ugo cookie
2:06 PM: jcohen2@mediamgr.ugo[2].txt (ID = 3609)
2:06 PM: Found Spy Cookie: metareward.com cookie
2:06 PM: jcohen2@metareward[2].txt (ID = 2990)
2:06 PM: jcohen2@msn.espn.go[1].txt (ID = 2729)
2:06 PM: jcohen2@my.espn.go[1].txt (ID = 2729)
2:06 PM: Found Spy Cookie: netratingsselect cookie
2:06 PM: jcohen2@nnselect[2].txt (ID = 3065)
2:06 PM: Found Spy Cookie: pricegrabber cookie
2:06 PM: jcohen2@pcworld.pricegrabber[1].txt (ID = 3186)
2:06 PM: Found Spy Cookie: pokerroom cookie
2:06 PM: jcohen2@pokerroom[2].txt (ID = 3149)
2:06 PM: jcohen2@politicalhumor.about[1].txt (ID = 2038)
2:06 PM: jcohen2@pricegrabber[2].txt (ID = 3185)
2:06 PM: Found Spy Cookie: rightmedia cookie
2:06 PM: jcohen2@rightmedia[1].txt (ID = 3259)
2:06 PM: jcohen2@rsi.espn.go[1].txt (ID = 2729)
2:06 PM: Found Spy Cookie: adscpm cookie
2:06 PM: jcohen2@servedby.adscpm[1].txt (ID = 2137)
2:06 PM: Found Spy Cookie: smni cookie
2:06 PM: jcohen2@smni[1].txt (ID = 3389)
2:06 PM: Found Spy Cookie: specificpop cookie
2:06 PM: jcohen2@specificpop[2].txt (ID = 3401)
2:06 PM: jcohen2@sports.espn.go[2].txt (ID = 2729)
2:06 PM: jcohen2@stat.dealtime[1].txt (ID = 2506)
2:06 PM: Found Spy Cookie: stats.klsoft.com cookie
2:06 PM: jcohen2@stats.klsoft[1].txt (ID = 3451)
2:06 PM: jcohen2@techbargains.pricegrabber[1].txt (ID = 3186)
2:06 PM: Found Spy Cookie: trb.com cookie
2:06 PM: jcohen2@trb[1].txt (ID = 3587)
2:06 PM: Found Spy Cookie: esurance cookie
2:06 PM: jcohen2@www.esurance[1].txt (ID = 2626)
2:06 PM: jcohen2@www.go[2].txt (ID = 2729)
2:06 PM: Found Spy Cookie: newtopsites cookie
2:06 PM: jcohen2@www.newtopsites[1].txt (ID = 3078)
2:06 PM: Found Spy Cookie: xzoomy cookie
2:06 PM: jcohen2@www.xzoomy[2].txt (ID = 3742)
2:06 PM: Found Spy Cookie: xiti cookie
2:06 PM: jcohen2@xiti[1].txt (ID = 3717)
2:06 PM: Found Spy Cookie: 247realmedia cookie
2:06 PM: joel cohen@247realmedia[1].txt (ID = 1953)
2:06 PM: joel cohen@2o7[2].txt (ID = 1957)
2:06 PM: Found Spy Cookie: adknowledge cookie
2:06 PM: joel cohen@adknowledge[1].txt (ID = 2072)
2:06 PM: joel cohen@adopt.specificclick[1].txt (ID = 3400)
2:06 PM: Found Spy Cookie: addynamix cookie
2:06 PM: joel cohen@ads.addynamix[2].txt (ID = 2062)
2:06 PM: Found Spy Cookie: pointroll cookie
2:06 PM: joel cohen@ads.pointroll[1].txt (ID = 3148)
2:06 PM: Found Spy Cookie: advertising cookie
2:06 PM: joel cohen@advertising[2].txt (ID = 2175)
2:06 PM: Found Spy Cookie: ask cookie
2:06 PM: joel cohen@ask[1].txt (ID = 2245)
2:06 PM: Found Spy Cookie: atlas dmt cookie
2:06 PM: joel cohen@atdmt[2].txt (ID = 2253)
2:06 PM: Found Spy Cookie: bizrate cookie
2:06 PM: joel cohen@bizrate[2].txt (ID = 2308)
2:06 PM: Found Spy Cookie: bluestreak cookie
2:06 PM: joel cohen@bluestreak[1].txt (ID = 2314)
2:06 PM: joel cohen@broadspancommerce.122.2o7[1].txt (ID = 1958)
2:06 PM: Found Spy Cookie: burstnet cookie
2:06 PM: joel cohen@burstnet[1].txt (ID = 2336)
2:06 PM: joel cohen@buycom.122.2o7[1].txt (ID = 1958)
2:06 PM: Found Spy Cookie: overture cookie
2:06 PM: joel cohen@data2.perf.overture[1].txt (ID = 3106)
2:06 PM: joel cohen@dealnews.122.2o7[1].txt (ID = 1958)
2:06 PM: Found Spy Cookie: ru4 cookie
2:06 PM: joel cohen@edge.ru4[2].txt (ID = 3269)
2:06 PM: Found Spy Cookie: fastclick cookie
2:06 PM: joel cohen@fastclick[2].txt (ID = 2651)
2:06 PM: joel cohen@media.fastclick[1].txt (ID = 2652)
2:06 PM: Found Spy Cookie: nextag cookie
2:06 PM: joel cohen@nextag[1].txt (ID = 5014)
2:06 PM: Found Spy Cookie: questionmarket cookie
2:06 PM: joel cohen@questionmarket[1].txt (ID = 3217)
2:06 PM: Found Spy Cookie: tribalfusion cookie
2:06 PM: joel cohen@tribalfusion[2].txt (ID = 3589)
2:06 PM: Found Spy Cookie: burstbeacon cookie
2:06 PM: joel cohen@www.burstbeacon[1].txt (ID = 2335)
2:06 PM: joel cohen@www.nextag[2].txt (ID = 5015)
2:06 PM: Found Spy Cookie: adserver cookie
2:06 PM: joel cohen@z1.adserver[1].txt (ID = 2142)
2:06 PM: Found Spy Cookie: zedo cookie
2:06 PM: joel cohen@zedo[1].txt (ID = 3762)
2:06 PM: Cookie Sweep Complete, Elapsed Time: 00:00:12
2:06 PM: Starting File Sweep
2:58 PM: Warning: Invalid file - not a PKZip file
2:58 PM: Warning: Invalid file - not a PKZip file
2:58 PM: Warning: Unhandled Archive Type
2:58 PM: Warning: Unhandled Archive Type
2:59 PM: Warning: Unhandled Archive Type
2:59 PM: Warning: Unhandled Archive Type
3:00 PM: Warning: Unhandled Archive Type
3:00 PM: Warning: Unhandled Archive Type
3:00 PM: Warning: Unhandled Archive Type
3:00 PM: Warning: Unhandled Archive Type
3:01 PM: Warning: Unhandled Archive Type
3:03 PM: Warning: Invalid Stream
3:03 PM: File Sweep Complete, Elapsed Time: 00:56:56
3:03 PM: Full Sweep has completed. Elapsed time 01:03:18
3:03 PM: Traces Found: 71
4:16 PM: Removal process initiated
4:16 PM: Quarantining All Traces: 247realmedia cookie
4:16 PM: Quarantining All Traces: 2o7.net cookie
4:16 PM: Quarantining All Traces: 64.62.232 cookie
4:16 PM: Quarantining All Traces: abetterinternet cookie
4:16 PM: Quarantining All Traces: about cookie
4:16 PM: Quarantining All Traces: addynamix cookie
4:16 PM: Quarantining All Traces: adknowledge cookie
4:16 PM: Quarantining All Traces: adorigin cookie
4:16 PM: Quarantining All Traces: ads.trafficvenue.net cookie
4:16 PM: Quarantining All Traces: adscpm cookie
4:16 PM: Quarantining All Traces: adserver cookie
4:16 PM: Quarantining All Traces: advertising cookie
4:16 PM: Quarantining All Traces: ask cookie
4:16 PM: Quarantining All Traces: atlas dmt cookie
4:16 PM: Quarantining All Traces: atwola cookie
4:16 PM: Quarantining All Traces: bizrate cookie
4:16 PM: Quarantining All Traces: bluestreak cookie
4:16 PM: Quarantining All Traces: burstbeacon cookie
4:16 PM: Quarantining All Traces: burstnet cookie
4:16 PM: Quarantining All Traces: counter cookie
4:16 PM: Quarantining All Traces: dealtime cookie
4:16 PM: Quarantining All Traces: emode cookie
4:16 PM: Quarantining All Traces: esurance cookie
4:16 PM: Quarantining All Traces: fastclick cookie
4:16 PM: Quarantining All Traces: go.com cookie
4:16 PM: Quarantining All Traces: gorillanation cookie
4:16 PM: Quarantining All Traces: gostats cookie
4:16 PM: Quarantining All Traces: metareward.com cookie
4:16 PM: Quarantining All Traces: netratingsselect cookie
4:16 PM: Quarantining All Traces: newtopsites cookie
4:16 PM: Quarantining All Traces: nextag cookie
4:16 PM: Quarantining All Traces: overture cookie
4:16 PM: Quarantining All Traces: pointroll cookie
4:16 PM: Quarantining All Traces: pokerroom cookie
4:16 PM: Quarantining All Traces: pricegrabber cookie
4:16 PM: Quarantining All Traces: questionmarket cookie
4:16 PM: Quarantining All Traces: rightmedia cookie
4:16 PM: Quarantining All Traces: ru4 cookie
4:16 PM: Quarantining All Traces: smni cookie
4:16 PM: Quarantining All Traces: specificclick.com cookie
4:16 PM: Quarantining All Traces: specificpop cookie
4:16 PM: Quarantining All Traces: stats.klsoft.com cookie
4:16 PM: Quarantining All Traces: trb.com cookie
4:16 PM: Quarantining All Traces: tribalfusion cookie
4:16 PM: Quarantining All Traces: ugo cookie
4:16 PM: Quarantining All Traces: xiti cookie
4:16 PM: Quarantining All Traces: xzoomy cookie
4:16 PM: Quarantining All Traces: zedo cookie
4:16 PM: Removal process completed. Elapsed time 00:00:22
********
1:58 PM: | Start of Session, Sunday, January 22, 2006 |
1:58 PM: Spy Sweeper started
1:59 PM: Your spyware definitions have been updated.
2:00 PM: | End of Session, Sunday, January 22, 2006 |
Logfile of HijackThis v1.99.1
Scan saved at 6:23:43 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\nprotect32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ie-autoconf.uchicago.edu/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3A53A3A4-3306-4293-86D3-FA7CACE1B038} (WebMon Class) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\system32\nprotect32.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
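Both HijackThis logs in this thread are read by eye, and the reply below only says "Log looks fine". The following is an added example, not code from the original posts, from HijackThis or from Webroot: it parses the R/O entries of a v1.99 log, flags the entries a reviewer would look at first (orphaned "(no file)" toolbars, services with "Unknown owner", Run values that are bare file names resolved via the search path, unresolved startup shortcuts, Winlogon Notify DLLs), and diffs the 15 January log against the 22 January one to show what the Spy Sweeper install added. The sample lines are excerpted from the two logs posted above; the flagging heuristics are this example's own assumptions, not rules from any tool.

```python
"""Parse, triage and diff HijackThis v1.99 logs.

Added example for this thread: not code from the original posts, from
HijackThis or from Webroot. The sample lines below are excerpted from the
two logs posted above; the triage heuristics are this example's own
assumptions, not rules from any tool.
"""
import re
from typing import Dict, List, NamedTuple

# Every R/O entry has the shape "<section> - <body>", e.g.
#   O23 - Service: Name (Short) - Vendor - C:\path\file.exe
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")


class Entry(NamedTuple):
    section: str
    body: str


def parse_hjt(text: str) -> List[Entry]:
    """Return the R/O entries of a log; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Flag the entries a reviewer checks first (heuristics are assumptions):

    O2/O3 ending in "(no file)"   -> orphaned registry entry
    O23 with "Unknown owner"      -> service binary carries no vendor string
    O4 startup shortcut "= ?"     -> shortcut target could not be resolved
    O4 Run value with a bare name -> executable resolved via the search path
    O20 Winlogon Notify           -> DLL loaded into winlogon.exe at logon
    """
    findings = []
    for sec, body in entries:
        if sec in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(f"{sec} orphaned entry, target missing: {body}")
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(f"{sec} service has no vendor information: {body}")
        elif sec == "O4" and body.endswith("= ?"):
            findings.append(f"{sec} startup shortcut target unresolved: {body}")
        elif sec == "O4" and "] " in body:
            # "[Name] command args": inspect only the first token of the command
            cmd = body.split("] ", 1)[1].lstrip('"')
            first = cmd.split()[0] if cmd.split() else ""
            if "\\" not in first and not first.startswith("%"):
                findings.append(f"{sec} bare file name, resolved via search path: {body}")
        elif sec == "O20":
            findings.append(f"{sec} DLL loaded into winlogon.exe, verify vendor: {body}")
    return findings


def diff_logs(before: List[Entry], after: List[Entry]) -> Dict[str, List[str]]:
    """Entries present in only one of two logs, so a follow-up log can be
    checked for what a cleanup tool added and what it removed."""
    b = {f"{s} - {body}" for s, body in before}
    a = {f"{s} - {body}" for s, body in after}
    return {"added": sorted(a - b), "removed": sorted(b - a)}


# Excerpt of the 15 January log from the first post (header lines included
# to show they are skipped).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\system32\nprotect32.exe
"""

# Excerpt of the 22 January log: the same entries plus what Spy Sweeper installed.
AFTER_LOG = BEFORE_LOG + r"""O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE_LOG), parse_hjt(AFTER_LOG)
    for finding in triage(after):
        print(finding)
    for kind, lines in diff_logs(before, after).items():
        print(f"{kind}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

On the excerpts above, the diff reports exactly the three Spy Sweeper entries (Run value, Winlogon Notify DLL, service) as added and nothing removed, which is the check a helper wants before declaring the follow-up log clean. The triage flags are prompts for a human, not verdicts: `nprotect32.exe` is flagged only because the service carries no vendor string, and `pctspk.exe` only because the Run value gives no path, so which file actually executes depends on the search path.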

#4 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 22 January 2006 - 06:34 PM

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Log looks fine
