
Infected With Winantivirus Pro 2006


40 replies to this topic

#1 kjk20

kjk20

  • Members
  • 53 posts
  • Location:USA
  • Local time:02:53 PM

Posted 31 July 2006 - 10:41 PM

I keep getting a pop up on my desktop saying I need to scan my computer with Winantivirus Pro 2006. If I close it, my browser opens and tries to install the antivirus program. It keeps coming back. I am not sure if that is also the reason I can not update my antivirus program. Here is my HT log. Thanks, Kurt

Logfile of HijackThis v1.99.1
Scan saved at 10:28:22 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\autodown.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39213451-1A81-44FF-9129-C88896D89E92}: NameServer = 4.2.2.2,192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



#2 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male
  • Local time:07:53 PM

Posted 01 August 2006 - 09:27 AM

Please fix this:

O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll (file missing)

Then reboot your computer.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
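
The entry singled out in the reply above can be found mechanically. The following is an added example, not part of the original thread or of HijackThis itself: it parses HijackThis-style log lines and flags browser add-on entries like the one marked for fixing. The three triage rules and the assumption that Windows lives in C:\WINDOWS (as in the posted log) are illustrative heuristics, not HijackThis's own logic.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"
# Sections whose entries load code into Internet Explorer, per the labels
# visible in the log: URLSearchHook, BHO, Toolbar, Extra button.
BROWSER_CODES = {"R3", "O2", "O3", "O9"}


def parse_entries(log_text):
    """Return one dict per section entry; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group(1), m.group(2)
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        fields = body.split(" - ")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "kind": fields[0].split(":")[0],
            # CLSIDs are case-insensitive; normalise so they can be compared
            # with what other scanners report for the same registry key.
            "clsid": clsid.group(0).upper() if clsid else None,
            # Only "name - {clsid} - path" style entries carry a plain path.
            "target": fields[-1] if len(fields) > 1 else None,
            "file_missing": missing,
            "unnamed": "(no name)" in fields[0],
        })
    return entries


def in_windows_root(path):
    """True if the file sits directly in C:\\WINDOWS (assumed install path)."""
    return ntpath.dirname(path).lower() == r"c:\windows"


def triage(entries):
    """Apply the illustrative heuristics; return entries worth a closer look."""
    findings = []
    for e in entries:
        reasons = []
        if e["file_missing"]:
            reasons.append("registry entry points at a file that no longer exists")
        if e["code"] == "O2" and e["unnamed"]:
            reasons.append("BHO registered without a display name")
        if e["code"] in BROWSER_CODES and e["target"] and in_windows_root(e["target"]):
            reasons.append("browser add-on DLL sits directly in the Windows directory")
        if reasons:
            findings.append((e["code"], e["clsid"], e["target"], reasons))
    return findings


if __name__ == "__main__":
    for code, clsid, target, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(code, clsid, target)
        for reason in reasons:
            print("   -", reason)
```

A flagged entry is a lead for review, not a verdict: legitimate software can also leave orphaned registry entries behind after an uninstall.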


#3 kjk20


Posted 02 August 2006 - 06:21 PM

Here are the scan results


Incident Status Location

Adware:adware/deskwizz Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/e2give Not disinfected Windows Registry
Spyware:Spyware/Media-motor Not disinfected C:\Documents and Settings\Administrator\Desktop\backups\backup-20060506-225643-297.dll
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Administrator\Desktop\backups\backup-20060509-231954-863.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[smitRem/Process.exe]

#4 didom


Posted 02 August 2006 - 07:02 PM

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
------------------------

Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

#5 kjk20


Posted 03 August 2006 - 06:41 PM

Hi, I cleaned out IE and Firefox. We mostly use Firefox. I tried to dl Blacklight but there was an error. It said it may be an old link.
Kurt

#6 didom


Posted 04 August 2006 - 07:21 AM

I'm sorry :thumbsup:

please use this link: https://europe.f-secure.com/blacklight/try.shtml

#7 kjk20


Posted 04 August 2006 - 09:52 PM

Hi, that worked. Here is the log file.

08/04/06 21:48:20 [Info]: BlackLight Engine 1.0.42 initialized
08/04/06 21:48:20 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/04/06 21:48:20 [Note]: 7019 4
08/04/06 21:48:20 [Note]: 7005 0
08/04/06 21:48:27 [Note]: 7006 0
08/04/06 21:48:27 [Note]: 7011 3036
08/04/06 21:48:28 [Note]: 7026 0
08/04/06 21:48:28 [Note]: 7026 0
08/04/06 21:48:39 [Note]: FSRAW library version 1.7.1019
08/04/06 21:50:48 [Note]: 7007 0

#8 didom


Posted 05 August 2006 - 08:41 AM

First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode.
  • Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  • Post the contents of the ActiveScan report, the results of the ewido report scan and a fresh HijackThis log.


#9 kjk20


Posted 07 August 2006 - 10:35 PM

Here are all the reports.
Kurt

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:00:37 PM 8/7/2006

+ Scan result:



HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Desktop\backups\backup-20060506-225643-297.dll -> Adware.Ezula : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C5AF2622-8C75-4dfb-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5AF2622-8C75-4dfb-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\mirar.exe -> Adware.NetNucleus : Cleaned with backup (quarantined).
C:\Documents and Settings\Emily\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Emily\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.346:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.321:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.296:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.297:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.298:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Danny\Cookies\danny@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Cookies\ashley@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.453:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.454:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.336:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Danny\Cookies\danny@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Cookies\ashley@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Cookies\ashley@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.428:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.466:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.467:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.468:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Cookies\ashley@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.599:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Cookies\ashley@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Cookies\ashley@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Cookies\ashley@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.388:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.389:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.390:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.391:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.264:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.256:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.257:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.258:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Cookies\ashley@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.351:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.352:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Cookies\ashley@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\dmgi6owf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley\Cookies\ashley@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end



Incident Status Location

Adware:adware/deskwizz Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/e2give Not disinfected Windows Registry
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Administrator\Desktop\backups\backup-20060509-231954-863.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[smitRem/Process.exe]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@64.62.232[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@adrevolver[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@apmebf[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@azjmp[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@banner[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@c2.gostats[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@cgi-bin[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@cgi-bin[4].txt
Spyware:Cookie/Date Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@date[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@entrepreneur[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@fe.lea.lycos[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@i.screensavers[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@ig.com[1].txt
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@lb3.netster[1].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@mp3search[2].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@outster[2].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@qsrch[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@rightmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@searchportal.information[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@seeq[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@target[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@terra.com[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@tickle[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@winfixer[2].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@www.seeq[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@www48.seeq[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@xiti[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@apmebf[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@maxserving[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@realmedia[1].txt


Logfile of HijackThis v1.99.1
Scan saved at 10:30:53 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39213451-1A81-44FF-9129-C88896D89E92}: NameServer = 4.2.2.2,192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#10 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male
  • Local time:07:53 PM

Posted 08 August 2006 - 03:16 AM

How is your computer running now?

#11 kjk20

kjk20
  • Topic Starter

  • Members
  • 53 posts
  • Location:USA
  • Local time:02:53 PM

Posted 09 August 2006 - 08:24 PM

It was running good until today. That Winantivirus is back. I see it on my desktop after I close my browser.
Thanks, Kurt

#12 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male
  • Local time:07:53 PM

Posted 10 August 2006 - 04:16 AM

Please post a fresh HJT log.

#13 kjk20

kjk20
  • Topic Starter

  • Members
  • 53 posts
  • Location:USA
  • Local time:02:53 PM

Posted 14 August 2006 - 06:56 PM

Here is a fresh HJT log.
Kurt

Logfile of HijackThis v1.99.1
Scan saved at 6:55:03 PM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39213451-1A81-44FF-9129-C88896D89E92}: NameServer = 4.2.2.2,192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#14 didom


Posted 15 August 2006 - 06:01 AM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Cookies are nothing to be worried about. They get installed on your computer every time you visit any webpage. Now some of those are good cookies that get installed for ease of use for next time you visit the same page, but some cookies are spyware used for tracking users' surfing habits.

Most of those cookies are third party cookies that can be blocked:

In Firefox go to Tools > Options > Privacy > Cookies

Click the small triangle next to cookies to expand that tab and put a check next to "for the originating website only". This will prevent third party cookies from being installed on your computer.

In IE go to Tools > Internet Options > Privacy and click on Advanced in the Privacy tab

Now put a check next to "Override automatic cookie handling"

Set first party cookies to Accept and third party cookies to Block

Also put a check next to "Always allow session cookies". OK your way out.

This won't prevent all bad cookies from being installed, but will reduce the amount.

Also there is another program you can use.

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.

Step #2

Scan again with HijackThis and check the following items:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #3

Find and delete these files and folders (if they are still there):
C:\Program Files\PartyGaming


Reboot your computer

Step #4

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
  • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
  • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
  • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

Start HijackThis and perform a new scan.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
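
An added example, not part of the post above and not HijackThis's own code: one way to confirm from the requested rescan that the Step #2 entries are really gone, by comparing the old and new logs entry by entry. The `AFTER` log and its `ExampleNew` entry are constructed for illustration; the other lines are copied from this thread.

```python
import re

# Entry lines copied from the log in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
"""
# Constructed rescan: one fixed entry survived and a placeholder entry appeared.
AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ExampleNew] C:\example\placeholder.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
"""
# The two items Step #2 says to check, as listed in the post.
FIX_LIST = r"""
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
"""

# An entry line is a section code (R0, O4, O23, ...), " - ", then the entry text.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse(log):
    """Return the set of (section, normalized text) for every entry line."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Collapse whitespace and case so copy/paste differences do not hide a match.
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def check_fix(before, after, fix_list):
    """Compare two scans against the list of entries that were meant to be fixed."""
    old, new, wanted = parse(before), parse(after), parse(fix_list)
    return {
        "fixed": sorted(wanted & (old - new)),   # listed, was there, now gone
        "still_present": sorted(wanted & new),   # listed but survived the fix
        "not_in_original": sorted(wanted - old), # listed but never in the old log
        "new_entries": sorted(new - old),        # appeared between the two scans
    }
```
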

#15 kjk20


Posted 15 August 2006 - 11:51 PM

OK I did all that. Can I run Spywareblaster with all the things that came with my ISP? EZ firewall, eTrust Pest Patrol, and EZ antivirus. They are free with my ISP and are from Computer Associates. Here are all the logs I saved. Kurt


Incident Status Location

Adware:adware/deskwizz Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/e2give Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jrp4b893.default\cookies.txt[.atdmt.com/]
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Administrator\Desktop\backups\backup-20060509-231954-863.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[smitRem/Process.exe]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@64.62.232[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@adrevolver[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@apmebf[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@azjmp[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@banner[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@c2.gostats[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@cgi-bin[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@cgi-bin[4].txt
Spyware:Cookie/Date Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@date[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@entrepreneur[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@fe.lea.lycos[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@i.screensavers[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@ig.com[1].txt
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@lb3.netster[1].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@mp3search[2].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@outster[2].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@qsrch[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@rightmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@searchportal.information[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@seeq[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@target[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@terra.com[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@tickle[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@winfixer[2].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@www.seeq[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@www48.seeq[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@xiti[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@apmebf[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@maxserving[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@realmedia[1].txt


-------------------------------------------------------------------------------
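
An added example, not part of the original thread and not Panda's own tooling: a small triage script for a pasted ActiveScan report like the one above, separating tracking-cookie rows from registry and file detections and grouping them by Windows profile. The sample rows are copied from the report; the single-space column layout is inferred from the pasted text, and "Not disinfected" is the only status the page shows, so rows with any other status are set aside for manual review.

```python
import re
from collections import Counter

# Rows copied from the report above (a subset, to keep the sample short).
REPORT = r"""
Adware:adware/deskwizz Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jrp4b893.default\cookies.txt[.atdmt.com/]
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Administrator\Desktop\backups\backup-20060509-231954-863.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[smitRem/Process.exe]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@winfixer[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ashley\Local Settings\Temp\Cookies\ashley@realmedia[1].txt
"""

# Category and name may contain spaces, so the status phrase is the column anchor.
ROW = re.compile(r"^(?P<category>[^:]+):(?P<name>.+?) (?P<status>Not disinfected) (?P<location>.+)$")
PROFILE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.I)

def triage(report):
    """Parse report rows; return (rows, unparsed_lines)."""
    rows, unparsed = [], []
    for line in filter(None, map(str.strip, report.splitlines())):
        m = ROW.match(line)
        if not m:
            unparsed.append(line)  # unknown status or wrapped line: review by hand
            continue
        row = m.groupdict()
        if row["location"] == "Windows Registry":
            row["kind"] = "registry"
        elif row["name"].lower().startswith("cookie/"):
            row["kind"] = "cookie"
        else:
            row["kind"] = "file"
        p = PROFILE.search(row["location"])
        row["profile"] = p.group(1) if p else None
        rows.append(row)
    return rows, unparsed

def summary(rows):
    """Count detections per (kind, Windows profile)."""
    return Counter((r["kind"], r["profile"]) for r in rows)

if __name__ == "__main__":
    parsed, skipped = triage(REPORT)
    for (kind, profile), n in sorted(summary(parsed).items(), key=str):
        print(f"{kind:9} {profile or '-':14} {n}")
```
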



