
Solved: Adware, poss WinAntivirus?

Discussion in 'Virus & Other Malware Removal' started by GrumpyHermit, Jul 12, 2006.

Thread Status:
Not open for further replies.
  1. GrumpyHermit

    GrumpyHermit Thread Starter

    Joined:
    May 23, 2004
    Messages:
    464
    Log of Hijack This!

    Logfile of HijackThis v1.99.1
    Scan saved at 3:32:07 PM, on 7/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Documents and Settings\Bob Evans\My Documents\Program Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.accuradio.com
    O15 - Trusted Zone: *.akamai.net
    O15 - Trusted Zone: rainweb2.streamguys.com
    O15 - Trusted Zone: *.yimg.com
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093028462573
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133357826917
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    ====================================================

    Webroot SpySweeper results:

    ********
    2:21 PM: | Start of Session, Wednesday, July 12, 2006 |
    2:21 PM: Spy Sweeper started
    2:21 PM: Sweep initiated using definitions version 717
    2:21 PM: Starting Memory Sweep
    2:24 PM: Memory Sweep Complete, Elapsed Time: 00:03:27
    2:24 PM: Starting Registry Sweep
    2:25 PM: Registry Sweep Complete, Elapsed Time:00:00:09
    2:25 PM: Starting Cookie Sweep
    2:25 PM: Found Spy Cookie: websponsors cookie
    2:25 PM: karen [email protected][2].txt (ID = 3665)
    2:25 PM: Found Spy Cookie: go.com cookie
    2:25 PM: karen [email protected][2].txt (ID = 2729)
    2:25 PM: Found Spy Cookie: ask cookie
    2:25 PM: karen [email protected][2].txt (ID = 2245)
    2:25 PM: Found Spy Cookie: atwola cookie
    2:25 PM: karen [email protected][1].txt (ID = 2255)
    2:25 PM: Found Spy Cookie: bizrate cookie
    2:25 PM: karen [email protected][2].txt (ID = 2308)
    2:25 PM: Found Spy Cookie: columbiahouse cookie
    2:25 PM: karen [email protected][1].txt (ID = 2443)
    2:25 PM: Found Spy Cookie: coolsavings cookie
    2:25 PM: karen [email protected][2].txt (ID = 2465)
    2:25 PM: Found Spy Cookie: 360i cookie
    2:25 PM: karen [email protected][2].txt (ID = 1962)
    2:25 PM: Found Spy Cookie: dealtime cookie
    2:25 PM: karen [email protected][1].txt (ID = 2505)
    2:25 PM: karen [email protected][1].txt (ID = 2729)
    2:25 PM: karen [email protected][2].txt (ID = 2728)
    2:25 PM: Found Spy Cookie: ic-live cookie
    2:25 PM: karen [email protected][1].txt (ID = 2821)
    2:25 PM: Found Spy Cookie: sb01 cookie
    2:25 PM: karen [email protected][2].txt (ID = 3288)
    2:25 PM: Found Spy Cookie: metareward.com cookie
    2:25 PM: karen [email protected][1].txt (ID = 2990)
    2:25 PM: Found Spy Cookie: nextag cookie
    2:25 PM: karen [email protected][2].txt (ID = 5014)
    2:25 PM: Found Spy Cookie: one-time-offer cookie
    2:25 PM: karen [email protected][1].txt (ID = 3095)
    2:25 PM: Found Spy Cookie: pub cookie
    2:25 PM: karen [email protected][1].txt (ID = 3205)
    2:25 PM: Found Spy Cookie: realmedia cookie
    2:25 PM: karen [email protected][2].txt (ID = 3235)
    2:25 PM: karen [email protected][1].txt (ID = 2729)
    2:25 PM: Found Spy Cookie: reunion cookie
    2:25 PM: karen [email protected][2].txt (ID = 3255)
    2:25 PM: karen [email protected][1].txt (ID = 2729)
    2:25 PM: karen [email protected][1].txt (ID = 2729)
    2:25 PM: Found Spy Cookie: pch cookie
    2:25 PM: karen [email protected][2].txt (ID = 3124)
    2:25 PM: karen [email protected][1].txt (ID = 2506)
    2:25 PM: Found Spy Cookie: megago cookie
    2:25 PM: karen [email protected][1].txt (ID = 2983)
    2:25 PM: karen [email protected][1].txt (ID = 2729)
    2:25 PM: Found Spy Cookie: clickxchange adware cookie
    2:25 PM: karen [email protected][1].txt (ID = 2409)
    2:25 PM: Found Spy Cookie: tendollars cookie
    2:25 PM: karen [email protected][1].txt (ID = 6367)
    2:25 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    2:25 PM: Starting File Sweep
    2:50 PM: Warning: Invalid file - not a PKZip file
    2:50 PM: Warning: Invalid file - not a PKZip file
    2:50 PM: Warning: Invalid Stream
    2:50 PM: Warning: Invalid Stream
    2:50 PM: File Sweep Complete, Elapsed Time: 00:25:33
    2:50 PM: Full Sweep has completed. Elapsed time 00:29:17
    2:50 PM: Traces Found: 28
    2:52 PM: Removal process initiated
    2:52 PM: Quarantining All Traces: 360i cookie
    2:52 PM: Quarantining All Traces: ask cookie
    2:52 PM: Quarantining All Traces: atwola cookie
    2:52 PM: Quarantining All Traces: bizrate cookie
    2:52 PM: Quarantining All Traces: clickxchange adware cookie
    2:52 PM: Quarantining All Traces: columbiahouse cookie
    2:52 PM: Quarantining All Traces: coolsavings cookie
    2:52 PM: Quarantining All Traces: dealtime cookie
    2:52 PM: Quarantining All Traces: go.com cookie
    2:52 PM: Quarantining All Traces: ic-live cookie
    2:52 PM: Quarantining All Traces: megago cookie
    2:52 PM: Quarantining All Traces: metareward.com cookie
    2:52 PM: Quarantining All Traces: nextag cookie
    2:52 PM: Quarantining All Traces: one-time-offer cookie
    2:52 PM: Quarantining All Traces: pch cookie
    2:52 PM: Quarantining All Traces: pub cookie
    2:52 PM: Quarantining All Traces: realmedia cookie
    2:52 PM: Quarantining All Traces: reunion cookie
    2:52 PM: Quarantining All Traces: sb01 cookie
    2:52 PM: Quarantining All Traces: tendollars cookie
    2:52 PM: Quarantining All Traces: websponsors cookie
    2:52 PM: Removal process completed. Elapsed time 00:00:04
    ********
    2:19 PM: | Start of Session, Wednesday, July 12, 2006 |
    2:19 PM: Spy Sweeper started
    2:20 PM: Your spyware definitions have been updated.
    2:21 PM: | End of Session, Wednesday, July 12, 2006 |

    ====================================================

    Panda ActiveScan results:


    Incident Status Location

    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Bob Evans\Application Data\Mozilla\Firefox\Profiles\default.di4\cookies.txt[.statcounter.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Bob Evans\Application Data\Mozilla\Firefox\Profiles\default.di4\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Bob Evans\Application Data\Mozilla\Firefox\Profiles\default.di4\cookies.txt[.go.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Bob Evans\Application Data\Mozilla\Firefox\Profiles\default.di4\cookies.txt[.atwola.com/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Bob Evans\Application Data\Mozilla\Firefox\Profiles\default.di4\cookies.txt[.apmebf.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Bob Evans\Application Data\Mozilla\Firefox\Profiles\default.di4\cookies.txt[.bravenet.com/]
    Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Bob Evans\Application Data\Mozilla\Firefox\Profiles\default.di4\cookies.txt[.anm.co.uk/]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Bob Evans\Desktop\Unused Desktop Shortcuts\VundoFix\VundoFix\process.exe
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Karen King\Cookies\karen [email protected][2].txt


    ===============================================

    I did an Ewido scan and got some stuff out too, but forgot to save a report of that one, sorry. :(

    Any help appreciated.
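As an added example, not code from the thread or from HijackThis itself, a small Python parser for the log format posted above: it splits each `Oxx` line into section, CLSID and target, counts entries per section, and flags the three entry kinds a reviewer checks first (an O2 BHO registered with no DLL on disk, O15 Trusted Zone hosts, and O16 ActiveX controls fetched over plain HTTP). The sample lines are constructed from entries in the log above; the function names are my own.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v1.99 log format, modelled on entry
# types that appear in the thread above (O2, O4, O15, O16, O23).
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O4 - HKLM\\..\\Run: [Windows Defender] "C:\\Program Files\\Windows Defender\\MSASCui.exe" -hide
O15 - Trusted Zone: *.akamai.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: iPodService - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_hjt(text):
    """Split a HijackThis log into dicts: section, body, clsid (if any), target."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # process list, headers and blank lines are skipped
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        # Last " - " separated field is the file path or URL; entries without
        # that separator (O4, O15) carry their target after the first ": ".
        target = body.rsplit(" - ", 1)[-1].strip()
        if " - " not in body:
            target = body.split(": ", 1)[-1].strip()
        entries.append({"section": m.group("section"), "body": body,
                        "clsid": clsid.group(0) if clsid else None,
                        "target": target})
    return entries

def triage(entries):
    """Return (entry, reason) pairs a reviewer should look at first."""
    findings = []
    for e in entries:
        if e["section"] == "O2" and e["target"] == "(no file)":
            findings.append((e, "orphaned BHO registration: CLSID with no DLL on disk"))
        elif e["section"] == "O15":
            findings.append((e, "host in IE Trusted Zone gets relaxed security settings"))
        elif e["section"] == "O16" and e["target"].lower().startswith("http://"):
            findings.append((e, "ActiveX control downloaded over plain HTTP"))
    return findings

def summarize(text):
    """Per-section counts plus the triage findings for one log."""
    entries = parse_hjt(text)
    return Counter(e["section"] for e in entries), triage(entries)
```

Run `summarize(SAMPLE_LOG)` on a saved log to get the section counts and findings; on the sample it flags the orphaned O2 entry, the akamai Trusted Zone host and the HouseCall cab.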
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Looks fine - all they found were cookies

    IE - Block Third party cookies
    1. Click on the Tools button on the Internet Explorer tool bar.
    2. Highlight and click on Internet options at the bottom of the Tools menu.
    3. Select the Privacy Tab of the Internet Options menu.
    4. Select the Advanced... button at the bottom of the screen.
    5. Select override automatic cookie handling button.
    6. To block third party cookies select block under "Third-party cookies".
    7. Select "always allow session cookies".
    8. Click on the OK button at the bottom of the screen.
    ===============
    In Firefox - TOOLS - OPTIONS - PRIVACY - COOKIES - Check originating site only
     
  3. GrumpyHermit

    GrumpyHermit Thread Starter

    Joined:
    May 23, 2004
    Messages:
    464
    Thanks, glad to hear it!

    I'll mark it "solved," I guess. :)
     
Short URL to this thread: https://techguy.org/482647