
Solved: Spyware: WinAntiSpyWare 2007. Ugh.

Discussion in 'Virus & Other Malware Removal' started by Taves, Jul 27, 2007.

  1. Taves

    Taves Thread Starter

    Joined:
    Jul 27, 2007
    Messages:
    9
    Hey guys.

    Got hit with the auto-download from WinAntiSpyware. Pop-ups now constantly hit me each time I open a new browser with Internet Explorer. Running on Windows XP Media Center Edition. Dell Dimension XPS_Gen_3.

    I'll try to do my best here giving as much info as I can. I read up in other threads the programs you were using to get logs and such (HijackThis, ComboFix). This is what I got for you so far:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:30:27 AM, on 7/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Common Files\AOL\1159473560\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PerSono\perstray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.scad.edu/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159473560\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DivX Player] DivXPlayer.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Perstray.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3189f083dc2c58dc8320/netzip/RdxIE601.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148575430453
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

    --
    End of file - 11174 bytes
    "SCAD - Adam Toews" - 2007-07-27 4:12:21 [GMT -4:00] - ComboFix 07-07-24 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
    C:\Program Files\Common Files\companion wizard
    C:\Program Files\quick links
    C:\Program Files\quick links\Uninst.log
    C:\Program Files\winupdates
    C:\WINDOWS\6756.exe
    C:\WINDOWS\system32\b02FdUe
    C:\WINDOWS\system32\stera.job
    C:\WINDOWS\system32\stera.log


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_FOPN


    ((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))


    2007-07-27 04:10 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-27 04:07 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-26 04:55 1,734,750 ---hs---- C:\WINDOWS\SYSTEM32\npqss.bak1
    2007-07-26 04:54 228,960 --a------ C:\WINDOWS\SYSTEM32\ssqpn.dll
    2007-07-26 04:53 31,254 --a------ C:\WINDOWS\SYSTEM32\yayxyww.dll
    2007-07-26 04:49 31,254 --a------ C:\WINDOWS\SYSTEM32\ljjhige.dll
    2007-07-26 04:49 <DIR> d-------- C:\Temp\brr
    2007-07-26 04:49 <DIR> d-------- C:\Temp
    2007-07-12 04:39 <DIR> d-------- C:\DOCUME~1\SCAD-A~1\APPLIC~1\acccore
    2007-06-29 21:35 <DIR> d--h----- C:\WINDOWS\PIF
    2007-06-27 03:49 284 --a------ C:\DOCUME~1\SCAD-A~1\APPLIC~1\ViewerApp.dat
    2007-06-27 03:32 5,376 --a------ C:\WINDOWS\SYSTEM32\MSPCLOCK.sys
    2007-06-27 03:15 <DIR> d-------- C:\Program Files\PIXELA
    2007-06-27 03:13 6,097 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcb.sys
    2007-06-27 03:13 53,248 --a------ C:\WINDOWS\SYSTEM32\SONYHCY.DLL
    2007-06-27 03:13 38,739 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcc.sys
    2007-06-27 03:13 3,654 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Sonyhcp.dll
    2007-06-27 03:13 299,923 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcs.sys
    2007-06-27 03:12 89,360 --a------ C:\WINDOWS\SYSTEM32\VB5DB.DLL
    2007-06-27 03:12 854,528 --------- C:\WINDOWS\SYSTEM32\Ltwvc12n.dll
    2007-06-27 03:12 78,336 --------- C:\WINDOWS\SYSTEM32\LFFAX12n.DLL
    2007-06-27 03:12 43,008 --------- C:\WINDOWS\SYSTEM32\lfgif12n.dll
    2007-06-27 03:12 41,472 --------- C:\WINDOWS\SYSTEM32\LTTWN12n.DLL
    2007-06-27 03:12 406,528 --------- C:\WINDOWS\SYSTEM32\LTKRN12n.DLL
    2007-06-27 03:12 314,880 --------- C:\WINDOWS\SYSTEM32\LFCMP12n.DLL
    2007-06-27 03:12 278,528 --------- C:\WINDOWS\SYSTEM32\LTDIS12n.DLL
    2007-06-27 03:12 25,600 --------- C:\WINDOWS\SYSTEM32\lfavi12n.dll
    2007-06-27 03:12 227,840 --------- C:\WINDOWS\SYSTEM32\LTEFX12n.DLL
    2007-06-27 03:12 166,400 --------- C:\WINDOWS\SYSTEM32\LTIMG12n.DLL
    2007-06-27 03:12 155,648 --------- C:\WINDOWS\SYSTEM32\LFTIF12n.DLL
    2007-06-27 03:12 13,567 --------- C:\WINDOWS\SYSTEM32\DRIVERS\CDRBSDRV.SYS
    2007-06-27 03:12 122,368 --------- C:\WINDOWS\SYSTEM32\LTFIL12n.DLL
    2007-06-27 03:12 121,856 --------- C:\WINDOWS\SYSTEM32\lfmpg12n.dll
    2007-06-27 03:12 102,220 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys
    2007-06-27 03:12 <DIR> d-------- C:\Program Files\Sony Corporation
    2007-06-27 03:12 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-27 08:17:08 336 ----a-w C:\WINDOWS\system32\tablet.dat
    2007-07-27 08:16:05 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
    2007-07-27 08:16:05 288 ----a-w C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
    2007-07-26 22:15:25 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-22 23:18:14 -------- d-----w C:\Program Files\iTunes
    2007-07-22 23:18:14 -------- d-----w C:\Program Files\Incomplete
    2007-07-12 05:17:30 -------- d-----w C:\Program Files\Warcraft III
    2007-06-27 07:15:56 50 ----a-w C:\AUTOEXEC.BAT
    2007-06-26 08:59:44 25,256 ----a-w C:\DOCUME~1\SCAD-A~1\APPLIC~1\wklnhst.dat
    2007-06-25 17:18:08 -------- d-----w C:\Program Files\Google
    2007-06-20 22:07:52 -------- d-----w C:\Program Files\Toon Boom Animation
    2007-06-20 18:35:12 -------- d-----w C:\Program Files\Viewpoint
    2007-06-18 01:48:35 -------- d-----w C:\Program Files\support.com
    2007-05-23 01:37:14 76,333 -c--a-w C:\WINDOWS\War3Unin.dat
    2007-05-22 06:15:00 2,829 -c--a-w C:\WINDOWS\War3Unin.pif
    2007-05-22 06:15:00 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2006-05-01 01:17:17 85,296 -c--a-w C:\DOCUME~1\SCAD-A~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2004-11-18 04:14:52 230,237 -c--a-w C:\DOCUME~1\SCAD-A~1\APPLIC~1\tvmknwrd.dll
    2006-09-19 02:28:05 56 --sh--r C:\WINDOWS\SYSTEM32\097B9C4677.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
    2007-07-26 04:49 31254 --a------ C:\WINDOWS\system32\ljjhige.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DA18AD7-BFAA-4740-BA44-9529DB4C571F}]
    2007-07-26 04:55 228960 --a------ C:\WINDOWS\system32\ssqpn.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-28 11:30]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18]
    "CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00]
    "CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "AsioReg"="REGSVR32.exe" [2004-08-04 03:56 C:\WINDOWS\SYSTEM32\regsvr32.exe]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
    "Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 18:00]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-14 01:44]
    "UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
    "HostManager"="C:\Program Files\Common Files\AOL\1159473560\ee\AOLSoftware.exe" [2006-05-09 20:24]
    "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-06-23 01:21]
    "tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 10:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
    "DivX Player"="DivXPlayer.exe" []
    "Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-09 20:24]

    C:\Documents and Settings\SCAD - Adam Toews\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 02:12:18]
    DESKTOP.INI [2003-08-08 14:47:34]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 02:12:18]
    DESKTOP.INI [2003-08-08 14:47:34]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
    Perstray.lnk - C:\Program Files\PerSono\perstray.exe [2004-10-04 21:58:34]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-06-27 03:12:28]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2007-06-27 03:12:24]
    TabUserW.exe.lnk - C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe [2007-01-05 23:45:20]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{3964D8D6-86D0-493A-B460-A805B5401114}"= C:\WINDOWS\system32\ljjhige.dll [2007-07-26 04:49 31254]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhige]
    ljjhige.dll 2007-07-26 04:49 31254 C:\WINDOWS\SYSTEM32\ljjhige.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpn]
    C:\WINDOWS\system32\ssqpn.dll 2007-07-26 04:55 228960 C:\WINDOWS\SYSTEM32\ssqpn.dll

    R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys
    R0 iaStor;Intel RAID Controller;C:\WINDOWS\system32\drivers\iaStor.sys
    R0 PenClass;Pen Class;C:\WINDOWS\system32\Drivers\PenClass.sys
    R0 TPkd;TPkd;C:\WINDOWS\system32\drivers\TPkd.sys
    R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
    R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
    R1 SbcpHid;SbcpHid;\??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
    R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
    R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys
    R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
    R2 DS1410D;DS1410D;\??\C:\WINDOWS\system32\drivers\ds1410d.sys
    R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\ehome\ehSched.exe
    R2 hardlock;hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
    R2 Haspnt;Haspnt;\??\C:\WINDOWS\system32\drivers\Haspnt.sys
    R2 maya65docserver;Maya 6.5 Documentation Server;"C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf"
    R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    R2 Sentinel;Sentinel;C:\WINDOWS\system32\Drivers\SENTINEL.SYS
    R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
    R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
    R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
    R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
    R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
    R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
    R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
    R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
    R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
    R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;C:\WINDOWS\system32\DRIVERS\uacflt.sys
    R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;C:\WINDOWS\system32\DRIVERS\atinewp2.sys
    R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
    R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
    R3 usbhub;Microsoft USB Standard Hub Driver;C:\WINDOWS\system32\DRIVERS\usbhub.sys
    R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
    R3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
    S3 61883;61883 Unit Device;C:\WINDOWS\system32\DRIVERS\61883.sys
    S3 Avc;AVC Device;C:\WINDOWS\system32\DRIVERS\avc.sys
    S3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver;C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
    S3 DIGIFW;Service for Mbox 2 Pro Driver (WDM);C:\WINDOWS\system32\DRIVERS\digifw.sys
    S3 Gcr432;Gcr432;C:\WINDOWS\system32\Drivers\gcr432.sys
    S3 IR500;IR500;C:\WINDOWS\system32\DRIVERS\IR500.sys
    S3 Jukebox;Jukebox;C:\WINDOWS\system32\DRIVERS\ctpdusb2.sys
    S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
    S3 PortRst;PortRst;C:\WINDOWS\system32\DRIVERS\PortRst.sys
    S3 Sntnlusb;Rainbow USB SuperPro;C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    S3 usbaudio;USB Audio Driver (WDM);C:\WINDOWS\system32\drivers\usbaudio.sys
    S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c67c0406-ce11-11db-997b-0011115b6e41}]
    AutoRun\command- ie.exe
    explore\Command- ie.exe
    open\Command- ie.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-15 06:00:23 C:\WINDOWS\tasks\McDefragTask.job
    2007-07-01 05:00:11 C:\WINDOWS\tasks\McQcTask.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-27 04:17:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\maya65docserver]
    "ImagePath"="\"C:\Program Files\Alias\Maya6.5\docs\wrapper.exe\" -s \"C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf\""

    Completion time: 2007-07-27 4:19:04 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-27 04:18

    --- E O F ---
    If you need anything else, let me know and I'll get on it asap. Thank you guys so much!
     
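    As an added example (not a tool from this thread, from Trend Micro or from the forum helpers), the Python below applies to HijackThis v2 log lines the same reading a helper does by eye: unnamed BHOs, orphaned registrations, randomly named DLLs sitting directly under system32, and Run entries that load a bare filename. The sample log is constructed from entries in the shape of the ones posted here, and every rule is a heuristic to verify by hand, not a verdict.

```python
"""Triage pass over HijackThis v2 log lines (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the HijackThis format; the entries mirror ones seen in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3901CDFC-9B6F-4529-B647-037A96D00A04} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\ljjhige.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [DivX Player] DivXPlayer.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
"""

# An HJT entry is "<code> - <body>", e.g. "O2 - BHO: <name> - {CLSID} - <path>".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# A DLL directly under system32 (no subdirectory); the name is captured in its original case.
SYSTEM32_DLL_RE = re.compile(r"\\system32\\([^\\\s]+)\.dll", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    code: str
    severity: str  # "high", "medium" or "info"
    reason: str
    entry: str


def random_system32_dll(text: str) -> str | None:
    """Return the DLL base name if it looks like a Vundo-style random name.

    Heuristic (an assumption of this example): 5-8 lowercase letters, no digits,
    directly under system32. The DLLs in the thread (ssqpn, ljjhige, qhtweuia)
    all fit; some legitimate Windows DLLs fit too, so this flags, it does not convict.
    """
    m = SYSTEM32_DLL_RE.search(text)
    if m and re.fullmatch(r"[a-z]{5,8}", m.group(1)):
        return m.group(1)
    return None


def first_token(command: str) -> str:
    """Return the executable part of a Run value, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")

        def add(severity: str, reason: str) -> None:
            findings.append(Finding(line_no, code, severity, reason, line))

        if code == "O2" and body.startswith("BHO: (no name)"):
            add("medium", "BHO registered without a display name")
        if "(file missing)" in body or "(no file)" in body:
            add("info", "registration points to a file that no longer exists")
        name = random_system32_dll(body)
        if name:
            add("high", f"randomly named DLL under system32: {name}.dll")
        if code == "O4" and "] " in body:
            exe = first_token(body.split("] ", 1)[1])
            if "\\" not in exe and "%" not in exe:
                add("info", f"Run entry loads a bare filename via PATH lookup: {exe}")
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, a quick 'how bad is this log' figure."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"line {f.line_no:>3} {f.code:<3} [{f.severity}] {f.reason}")
    print(summarize(results))
```

    Cross-checking each flagged DLL against the creation dates in a ComboFix "Files Created" section (as the log above shows for ssqpn.dll and ljjhige.dll, both created the day the pop-ups started) is the manual step that turns a flag into a removal candidate.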
  2. Taves

    Taves Thread Starter

    Joined:
    Jul 27, 2007
    Messages:
    9
    bump.
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
     
  4. Taves

    Taves Thread Starter

    Joined:
    Jul 27, 2007
    Messages:
    9
    Did the VundoFix and HijackThis scans. Here are the logs:

    VundoFix V6.5.6

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 12:19:12 AM 7/29/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\npqss.bak1
    C:\WINDOWS\system32\npqss.bak2
    C:\WINDOWS\system32\npqss.ini
    C:\WINDOWS\system32\ssqpn.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\npqss.bak1
    C:\WINDOWS\system32\npqss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\npqss.bak2
    C:\WINDOWS\system32\npqss.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\npqss.ini
    C:\WINDOWS\system32\npqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpn.dll
    C:\WINDOWS\system32\ssqpn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:24:49 AM, on 7/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Common Files\AOL\1159473560\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PerSono\perstray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.scad.edu/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {3901CDFC-9B6F-4529-B647-037A96D00A04} - C:\WINDOWS\system32\ssqpn.dll (file missing)
    O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\ljjhige.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\qhtweuia.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159473560\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DivX Player] DivXPlayer.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Perstray.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3189f083dc2c58dc8320/netzip/RdxIE601.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148575430453
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: ljjhige - C:\WINDOWS\SYSTEM32\ljjhige.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

    --
    End of file - 12147 bytes
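A small triage script for the HijackThis log above, added here as an example (it is not HijackThis's or the forum's own code): it parses the R0/R1, O2 and O20 lines and flags the entry shapes that stand out in this log. The flagging rules are my assumptions drawn from this one log (unnamed BHOs in system32, a Winlogon Notify DLL that is also a BHO, a ProxyServer value of ":0", a start page reset to about:blank), not a general detection signature.

```python
"""Triage helper for HijackThis log lines.

Added example, not HijackThis's or the forum's own code. The heuristics are
assumptions drawn from the entries in the log posted above: unnamed "(no name)"
BHOs backed by DLLs in system32, a Winlogon Notify DLL that is also registered
as a BHO, a ProxyServer value of ":0", and a start page reset to about:blank.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.scad.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3901CDFC-9B6F-4529-B647-037A96D00A04} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\ljjhige.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\qhtweuia.dll
O20 - Winlogon Notify: ljjhige - C:\WINDOWS\SYSTEM32\ljjhige.dll
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# host:port is the only shape a legitimate ProxyServer value takes here (assumption).
PROXY_RE = re.compile(r"[\w.-]+:\d+$")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse(log_text: str) -> List[Tuple[str, List[str], str]]:
    """Split each 'Oxx - a - b - c' line into (section, fields, raw line)."""
    entries = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        match = LINE_RE.match(raw)
        if match:
            fields = [f.strip() for f in match.group("body").split(" - ")]
            entries.append((match.group("section"), fields, raw))
    return entries


def dll_basename(path_field: str) -> str:
    """Lower-cased file name from a path field, ignoring a '(file missing)' tag."""
    path = path_field.replace("(file missing)", "").strip()
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a helper's attention, in log order."""
    entries = parse(log_text)
    findings: List[Finding] = []

    # DLLs that back a BHO, keyed by file name, used to cross-check O20 entries.
    bho_dlls: Dict[str, str] = {}
    for section, fields, raw in entries:
        if section == "O2" and fields[-1] != "(no file)":
            bho_dlls.setdefault(dll_basename(fields[-1]), raw)

    for section, fields, raw in entries:
        if section in ("R0", "R1"):
            key, _, value = fields[0].partition(" = ")
            value = value.strip()
            if key.endswith("Start Page") and value.lower() == "about:blank":
                findings.append(Finding(section, "start page reset to about:blank", raw))
            elif key.endswith("ProxyServer") and not PROXY_RE.fullmatch(value):
                findings.append(Finding(section, f"malformed ProxyServer value {value!r}", raw))
        elif section == "O2":
            name = fields[0][len("BHO: "):]
            path = fields[-1]
            orphan = path == "(no file)" or "(file missing)" in path
            if name == "(no name)" and orphan:
                findings.append(Finding(section, "unnamed BHO with orphaned registry entry", raw))
            elif name == "(no name)" and "system32" in path.lower():
                findings.append(Finding(section, "unnamed BHO loading a DLL from system32", raw))
        elif section == "O20":
            # The same DLL hooked into Winlogon and into IE is the pattern seen above.
            if dll_basename(fields[-1]) in bho_dlls:
                findings.append(Finding(section, "Winlogon Notify DLL is also registered as a BHO", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run against the sample, it flags seven lines: the about:blank start page, the ":0" proxy, the four unnamed BHOs, and the ljjhige Winlogon Notify entry, while the Adobe BHO and the Wacom service pass.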
     
  5. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep, please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  6. Taves

    Taves Thread Starter

    Joined:
    Jul 27, 2007
    Messages:
    9
    OK, I went through with the Webroot SpySweeper. Though the actual process and instructions varied, I think it still did what needed to be done.

    The Webroot log seems to be upside down; sorry if that hinders:

    (1 of 4)

    7:39 PM: Deletion from quarantine completed. Elapsed time 00:00:02
    7:39 PM: Processing: yadro cookie
    7:39 PM: Processing: xiti cookie
    7:39 PM: Processing: wirefly cookie
    7:39 PM: Processing: pollstar cookie
    7:39 PM: Processing: bluestreak cookie
    7:39 PM: Processing: ugo cookie
    7:39 PM: Processing: ugo cookie
    7:39 PM: Processing: tacoda cookie
    7:39 PM: Processing: tacoda cookie
    7:39 PM: Processing: tacoda cookie
    7:39 PM: Processing: toplist cookie
    7:39 PM: Processing: goclick cookie
    7:39 PM: Processing: atlas dmt cookie
    7:39 PM: Processing: starware.com cookie
    7:39 PM: Processing: starware.com cookie
    7:39 PM: Processing: stlyrics cookie
    7:39 PM: Processing: statcounter cookie
    7:39 PM: Processing: serving-sys cookie
    7:39 PM: Processing: screensavers.com cookie
    7:39 PM: Processing: screensavers.com cookie
    7:39 PM: Processing: screensavers.com cookie
    7:39 PM: Processing: reliablestats cookie
    7:39 PM: Processing: specificclick.com cookie
    7:39 PM: Processing: specificclick.com cookie
    7:39 PM: Processing: 2o7.net cookie
    7:39 PM: Processing: mygeek cookie
    7:39 PM: Processing: mp3downloadhq cookie
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: gain - common components
    7:39 PM: Processing: tribalfusion cookie
    7:39 PM: Processing: pricegrabber cookie
    7:39 PM: Processing: pricegrabber cookie
    7:39 PM: Processing: netster cookie
    7:39 PM: Processing: netster cookie
    7:39 PM: Processing: nextag cookie
    7:39 PM: Processing: ru4 cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: about cookie
    7:39 PM: Processing: ic-live cookie
    7:39 PM: Processing: 180search assistant/zango
    7:39 PM: Processing: 180search assistant/zango
    7:39 PM: Processing: coremetrics cookie
    7:39 PM: Processing: pokerroom cookie
    7:39 PM: Processing: cpxinteractive cookie
    7:39 PM: Processing: clickxchange adware cookie
    7:39 PM: Processing: pch cookie
    7:39 PM: Processing: did-it cookie
    7:39 PM: Processing: gamespy cookie
    7:39 PM: Processing: yieldmanager cookie
    7:39 PM: Processing: yieldmanager cookie
    7:39 PM: Processing: servlet cookie
    7:39 PM: Processing: clickandtrack cookie
    7:39 PM: Processing: kmpads cookie
    7:39 PM: Processing: cd freaks cookie
    7:39 PM: Processing: cd freaks cookie
    7:39 PM: Processing: cd freaks cookie
    7:39 PM: Processing: fastcompany cookie
    7:39 PM: Processing: fastcompany cookie
    7:39 PM: Processing: exitexchange cookie
    7:39 PM: Processing: directtrack cookie
    7:39 PM: Processing: techtarget cookie
    7:39 PM: Processing: techtarget cookie
    7:39 PM: Processing: belnk cookie
    7:39 PM: Processing: belnk cookie
    7:39 PM: Processing: belnk cookie
    7:39 PM: Processing: askmen cookie
    7:39 PM: Processing: aptimus cookie
    7:39 PM: Processing: aptimus cookie
    7:39 PM: Processing: azjmp cookie
    7:39 PM: Processing: websponsors cookie
    7:39 PM: Processing: winantiviruspro cookie
    7:39 PM: Processing: military cookie
    7:39 PM: Processing: hbmediapro cookie
    7:39 PM: Processing: gostats cookie
    7:39 PM: Processing: goldenpalace cookie
    7:39 PM: Processing: burstbeacon cookie
    7:39 PM: Processing: a cookie
    7:39 PM: Processing: pointroll cookie
    7:39 PM: Processing: bs.serving-sys cookie
    7:39 PM: Processing: one-time-offer cookie
    7:39 PM: Processing: atwola cookie
    7:39 PM: Processing: burstnet cookie
    7:39 PM: Processing: burstnet cookie
    7:39 PM: Processing: overture cookie
    7:39 PM: Processing: overture cookie
    7:39 PM: Processing: overture cookie
    7:39 PM: Processing: adrevolver cookie
    7:39 PM: Processing: adecn cookie
    7:39 PM: Processing: advertising cookie
    7:39 PM: Processing: mediaplex cookie
    7:39 PM: Processing: tripod cookie
    7:39 PM: Processing: belointeractive cookie
    7:39 PM: Processing: belointeractive cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: go.com cookie
    7:39 PM: Processing: 360i cookie
    7:39 PM: Processing: realmedia cookie
    7:39 PM: Processing: realmedia cookie
    7:39 PM: Processing: keenvalue/perfectnav
    7:39 PM: Processing: keenvalue/perfectnav
    7:39 PM: Processing: tvmedia
    7:39 PM: Processing: ist sidefind
    7:39 PM: Processing: ebates money maker
    7:39 PM: Processing: ebates money maker
    7:39 PM: Processing: altnet
    7:39 PM: Processing: quicklink search toolbar
    7:39 PM: Processing: coolwebsearch (cws)
    7:39 PM: Processing: comet cursor
    7:39 PM: Processing: comet cursor
    7:39 PM: Processing: comet cursor
    7:39 PM: Processing: virtumonde
    7:39 PM: Processing: virtumonde
    7:39 PM: Processing: virtumonde
    7:39 PM: Processing: virtumonde
    7:39 PM: Processing: virtumonde
    7:39 PM: Processing: virtumonde
    7:39 PM: Processing: virtumonde
    7:39 PM: Processing: virtumonde
    7:39 PM: Processing: virtumonde
    7:39 PM: Processing: virtumonde
    7:39 PM: Processing: ist istbar
    7:39 PM: Deletion from quarantine initiated
    7:38 PM: None
    7:38 PM: Traces Found: 0
    7:38 PM: Memory Sweep Complete, Elapsed Time: 00:00:03
    7:38 PM: Sweep Canceled
    7:38 PM: Starting Memory Sweep
    7:38 PM: Start Custom Sweep
    7:38 PM: Sweep initiated using definitions version 956
    Operation: File Access
    Target:
    Source: C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSHIELD.EXE
    7:35 PM: Tamper Detection
    Keylogger: Off
    7:35 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
    E-mail Attachment: On
    7:35 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    File System Shield: On
    Execution Shield: On
    System Services Shield: On
    IE Hijack Shield: On
    7:35 PM: IE Hijack Shield: Resetting Home Page value.
    IE Tracking Cookies Shield: Off
    7:35 PM: Shield States
    7:35 PM: License Check Status (0): Success
    7:35 PM: Spyware Definitions: 956
    7:35 PM: Spy Sweeper 5.5.7.48 started
    7:35 PM: Spy Sweeper 5.5.7.48 started
    7:35 PM: | Start of Session, Sunday, July 29, 2007 |
    ***************
     
  7. Taves

    Taves Thread Starter

    Joined:
    Jul 27, 2007
    Messages:
    9
    (2 of 4)


    7:12 PM: Removal process completed. Elapsed time 00:03:38
    7:12 PM: Preparing to restart your computer. Please wait...
    7:11 PM: Quarantining All Traces: 180search assistant/zango
    7:11 PM: Quarantining All Traces: yadro cookie
    7:11 PM: Quarantining All Traces: xiti cookie
    7:11 PM: Quarantining All Traces: wirefly cookie
    7:11 PM: Quarantining All Traces: winantiviruspro cookie
    7:11 PM: Quarantining All Traces: stlyrics cookie
    7:11 PM: Quarantining All Traces: pollstar cookie
    7:11 PM: Quarantining All Traces: clickxchange adware cookie
    7:11 PM: Quarantining All Traces: burstbeacon cookie
    7:11 PM: Quarantining All Traces: tripod cookie
    7:11 PM: Quarantining All Traces: tribalfusion cookie
    7:11 PM: Quarantining All Traces: toplist cookie
    7:11 PM: Quarantining All Traces: ugo cookie
    7:11 PM: Quarantining All Traces: reliablestats cookie
    7:11 PM: Quarantining All Traces: statcounter cookie
    7:11 PM: Quarantining All Traces: servlet cookie
    7:11 PM: Quarantining All Traces: serving-sys cookie
    7:11 PM: Quarantining All Traces: techtarget cookie
    7:11 PM: Quarantining All Traces: pch cookie
    7:11 PM: Quarantining All Traces: pricegrabber cookie
    7:11 PM: Quarantining All Traces: pokerroom cookie
    7:11 PM: Quarantining All Traces: one-time-offer cookie
    7:11 PM: Quarantining All Traces: nextag cookie
    7:11 PM: Quarantining All Traces: realmedia cookie
    7:11 PM: Quarantining All Traces: netster cookie
    7:11 PM: Quarantining All Traces: mygeek cookie
    7:11 PM: Quarantining All Traces: mp3downloadhq cookie
    7:11 PM: Quarantining All Traces: military cookie
    7:11 PM: Quarantining All Traces: mediaplex cookie
    7:11 PM: Quarantining All Traces: kmpads cookie
    7:11 PM: Quarantining All Traces: ic-live cookie
    7:11 PM: Quarantining All Traces: screensavers.com cookie
    7:11 PM: Quarantining All Traces: clickandtrack cookie
    7:11 PM: Quarantining All Traces: starware.com cookie
    7:11 PM: Quarantining All Traces: gostats cookie
    7:11 PM: Quarantining All Traces: goldenpalace cookie
    7:11 PM: Quarantining All Traces: goclick cookie
    7:11 PM: Quarantining All Traces: gamespy cookie
    7:11 PM: Quarantining All Traces: fastcompany cookie
    7:11 PM: Quarantining All Traces: exitexchange cookie
    7:11 PM: Quarantining All Traces: ru4 cookie
    7:11 PM: Quarantining All Traces: directtrack cookie
    7:11 PM: Quarantining All Traces: did-it cookie
    7:11 PM: Quarantining All Traces: overture cookie
    7:11 PM: Quarantining All Traces: coremetrics cookie
    7:11 PM: Quarantining All Traces: 360i cookie
    7:11 PM: Quarantining All Traces: burstnet cookie
    7:11 PM: Quarantining All Traces: bs.serving-sys cookie
    7:11 PM: Quarantining All Traces: bluestreak cookie
    7:11 PM: Quarantining All Traces: a cookie
    7:11 PM: Quarantining All Traces: azjmp cookie
    7:11 PM: Quarantining All Traces: atwola cookie
    7:11 PM: Quarantining All Traces: belnk cookie
    7:11 PM: Quarantining All Traces: atlas dmt cookie
    7:11 PM: Quarantining All Traces: askmen cookie
    7:11 PM: Quarantining All Traces: aptimus cookie
    7:11 PM: Quarantining All Traces: tacoda cookie
    7:11 PM: Quarantining All Traces: about cookie
    7:11 PM: Quarantining All Traces: advertising cookie
    7:11 PM: Quarantining All Traces: cpxinteractive cookie
    7:11 PM: Quarantining All Traces: pointroll cookie
    7:11 PM: Quarantining All Traces: cd freaks cookie
    7:11 PM: Quarantining All Traces: belointeractive cookie
    7:11 PM: Quarantining All Traces: adrevolver cookie
    7:11 PM: Quarantining All Traces: specificclick.com cookie
    7:10 PM: Quarantining All Traces: hbmediapro cookie
    7:10 PM: Quarantining All Traces: adecn cookie
    7:10 PM: Quarantining All Traces: yieldmanager cookie
    7:10 PM: Quarantining All Traces: go.com cookie
    7:10 PM: Quarantining All Traces: websponsors cookie
    7:10 PM: Quarantining All Traces: 2o7.net cookie
    7:09 PM: Quarantining All Traces: gain - common components
    7:09 PM: Quarantining All Traces: tvmedia
    7:09 PM: Quarantining All Traces: keenvalue/perfectnav
    7:09 PM: Quarantining All Traces: ist sidefind
    7:09 PM: Quarantining All Traces: webrebates
    7:09 PM: Quarantining All Traces: ebates money maker
    7:09 PM: Quarantining All Traces: altnet
    7:09 PM: Quarantining All Traces: coolwebsearch (cws)
    7:09 PM: Quarantining All Traces: quicklink search toolbar
    7:09 PM: Quarantining All Traces: comet cursor
    7:09 PM: Quarantining All Traces: cws-aboutblank
    7:09 PM: Quarantining All Traces: ist istbar
    7:09 PM: C:\WINDOWS\SYSTEM32\ljjhige.dll is in use. It will be removed on reboot.
    7:09 PM: C:\WINDOWS\SYSTEM32\vtsts.dll is in use. It will be removed on reboot.
    7:09 PM: virtumonde is in use. It will be removed on reboot.
    7:08 PM: Quarantining All Traces: virtumonde
    7:08 PM: Removal process initiated
    7:03 PM: Traces Found: 9102
    7:03 PM: Custom Sweep has completed. Elapsed time 00:33:23
    7:03 PM: HKLM\software\microsoft\juan\ (ID = 2156653)
    7:03 PM: File Sweep Complete, Elapsed Time: 00:31:00
    7:01 PM: Warning: Scan aborted for compressed file c:\program files\britannica 2004\encyclopaedia britannica 2004 deluxe edition\visnav\knav_bcd.zip as it contains more than 10 layers.
    6:57 PM: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
    6:57 PM: C:\Program Files\Common Files\GMT\8dpou27gd6\gd\Q0TASJbQBgAAALeq-toBgnpj.gdt2 (ID = 61574)
    6:57 PM: C:\Program Files\Common Files\SearchUpgrader\system.cfg (ID = 64871)
    6:57 PM: C:\Program Files\Common Files\CMEII\store\core\odm.cfg (ID = 61553)
    6:57 PM: C:\Program Files\Common Files\GMT\20q30hz1a3\gd\Q0TASJbQBgAAALeq-toBgnpj.gdt2 (ID = 61574)
    6:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms7b00080e-9a1f-42f1-b08e-92f01d9d635a.tmp". The operation completed successfully
    6:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms488b4a7b-69e6-486e-b9ca-51142b0fea6d.tmp". The operation completed successfully
    6:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmscdaf9144-d8e2-44e9-ba23-fcb323a85dc5.tmp". The operation completed successfully
    6:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms4fcfc95c-0a2c-4009-ae79-62fb826e04ab.tmp". The operation completed successfully
    6:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3cf13f5c-5974-45ab-9a64-c64af879544c.tmp". The operation completed successfully
    6:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd79a7123-6809-4d74-8ec5-5f58bf1d3b18.tmp". The operation completed successfully
    6:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms932e8e13-568e-4ee2-be79-d1cd45ab87a4.tmp". The operation completed successfully
    6:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms140706e1-b5d4-417d-839a-e3480cd9b8c5.tmp". The operation completed successfully
    6:56 PM: Warning: Failed to open file "c:\windows\temp\mcmsc_h879lqjs12i4pla". The operation completed successfully
    6:56 PM: C:\Program Files\Common Files\GMT\mepcme.dat (ID = 61517)
    6:56 PM: C:\Program Files\Common Files\CMEII\store\core\syscfg (ID = 61590)
    6:56 PM: C:\Program Files\Common Files\GMT\3pe7o62c0p\gd\Q0TASJbQBgAAALeq-toBgnpj.gdt2 (ID = 61574)
    6:45 PM: C:\Program Files\Common Files\CMEII\CMEDiagnostics.log (ID = 61291)
    6:42 PM: c:\windows\downloaded program files\dm.inf (ID = 53551)
    6:42 PM: File System Shield: found: Adware: comet cursor, version 1.0.0.0
    6:42 PM: Warning: Spy/Virus found: C:\WINDOWS\DOWNLOADED PROGRAM FILES\DM.INF ProcessName: C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSHIELD.EXE
    6:37 PM: C:\Documents and Settings\SCAD - Adam Toews\Application Data\tvmknwrd.dll (ID = 318254)
    6:37 PM: Found Adware: tvmedia
    6:35 PM: C:\Program Files\Common Files\GMT\FillIn.wav (ID = 61352)
    6:34 PM: C:\Program Files\Common Files\CMEII\store\core\hfixcfg (ID = 61483)
    6:34 PM: C:\Program Files\Common Files\GMT\Gator.log (ID = 61386)
    6:34 PM: C:\Program Files\180searchassistant\sais_gdf.dat (ID = 93789)
    6:33 PM: C:\Program Files\Common Files\CMEII\store\core\appmgrgui.zip (ID = 61281)
    6:33 PM: C:\Program Files\180searchassistant (3 subtraces) (ID = 2147486727)
    6:33 PM: Found Adware: 180search assistant/zango
    6:33 PM: C:\Program Files\Common Files\SearchUpgrader (2 subtraces) (ID = 2147486507)
    6:33 PM: Found Adware: keenvalue/perfectnav
    6:33 PM: C:\Program Files\Common Files\CMEII (18 subtraces) (ID = 2147486350)
    6:33 PM: C:\Program Files\Common Files\GMT (8921 subtraces) (ID = 2147486351)
    6:32 PM: Starting File Sweep
    6:32 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
    6:32 PM: Cookie Sweep Complete, Elapsed Time: 00:00:10
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3749)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3743)
    6:32 PM: Found Spy Cookie: yadro cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3717)
    6:32 PM: Found Spy Cookie: xiti cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3694)
    6:32 PM: Found Spy Cookie: wirefly cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3690)
    6:32 PM: Found Spy Cookie: winantiviruspro cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3462)
    6:32 PM: Found Spy Cookie: stlyrics cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3186)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3152)
    6:32 PM: Found Spy Cookie: pollstar cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3072)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2657)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2409)
    6:32 PM: Found Spy Cookie: clickxchange adware cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2337)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2335)
    6:32 PM: Found Spy Cookie: burstbeacon cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3608)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2729)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3592)
    6:32 PM: Found Spy Cookie: tripod cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3442)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3298)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3589)
    6:32 PM: Found Spy Cookie: tribalfusion cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3557)
    6:32 PM: Found Spy Cookie: toplist cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 6444)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3609)
    6:32 PM: Found Spy Cookie: ugo cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3254)
    6:32 PM: Found Spy Cookie: reliablestats cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3447)
    6:32 PM: Found Spy Cookie: statcounter cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2729)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2729)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3399)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2729)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3345)
    6:32 PM: Found Spy Cookie: servlet cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3343)
    6:32 PM: Found Spy Cookie: serving-sys cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3500)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3500)
    6:32 PM: Found Spy Cookie: techtarget cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2729)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3297)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3124)
    6:32 PM: Found Spy Cookie: pch cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2729)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3235)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2729)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3185)
    6:32 PM: Found Spy Cookie: pricegrabber cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3149)
    6:32 PM: Found Spy Cookie: pokerroom cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3095)
    6:32 PM: Found Spy Cookie: one-time-offer cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 5014)
    6:32 PM: Found Spy Cookie: nextag cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3236)
    6:32 PM: Found Spy Cookie: realmedia cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2235)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3071)
    6:32 PM: Found Spy Cookie: netster cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3041)
    6:32 PM: Found Spy Cookie: mygeek cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3014)
    6:32 PM: Found Spy Cookie: mp3downloadhq cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2729)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2996)
    6:32 PM: Found Spy Cookie: military cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 6442)
    6:32 PM: Found Spy Cookie: mediaplex cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2909)
    6:32 PM: Found Spy Cookie: kmpads cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2821)
    6:32 PM: Found Spy Cookie: ic-live cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3298)
    6:32 PM: Found Spy Cookie: screensavers.com cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2397)
    6:32 PM: Found Spy Cookie: clickandtrack cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3442)
    6:32 PM: Found Spy Cookie: starware.com cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2728)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2747)
    6:32 PM: Found Spy Cookie: gostats cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2734)
    6:32 PM: Found Spy Cookie: goldenpalace cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2732)
    6:32 PM: Found Spy Cookie: goclick cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2719)
    6:32 PM: Found Spy Cookie: gamespy cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2655)
    6:32 PM: Found Spy Cookie: fastcompany cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2633)
    6:32 PM: Found Spy Cookie: exitexchange cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2729)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3269)
    6:32 PM: Found Spy Cookie: ru4 cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2528)
    6:32 PM: Found Spy Cookie: directtrack cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2293)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2729)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2523)
    6:32 PM: Found Spy Cookie: did-it cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2729)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3106)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3106)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3106)
    6:32 PM: Found Spy Cookie: overture cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2472)
    6:32 PM: Found Spy Cookie: coremetrics cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 1962)
    6:32 PM: Found Spy Cookie: 360i cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2371)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2370)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2336)
    6:32 PM: Found Spy Cookie: burstnet cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2330)
    6:32 PM: Found Spy Cookie: bs.serving-sys cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2314)
    6:32 PM: Found Spy Cookie: bluestreak cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2294)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2292)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2027)
    6:32 PM: Found Spy Cookie: a cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2270)
    6:32 PM: Found Spy Cookie: azjmp cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2255)
    6:32 PM: Found Spy Cookie: atwola cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2293)
    6:32 PM: Found Spy Cookie: belnk cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2253)
    6:32 PM: Found Spy Cookie: atlas dmt cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2247)
    6:32 PM: Found Spy Cookie: askmen cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2233)
    6:32 PM: Found Spy Cookie: aptimus cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2038)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 6445)
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 6445)
    6:32 PM: Found Spy Cookie: tacoda cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2038)
    6:32 PM: Found Spy Cookie: about cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2175)
    6:32 PM: Found Spy Cookie: advertising cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 8939)
    6:32 PM: Found Spy Cookie: cpxinteractive cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3148)
    6:32 PM: Found Spy Cookie: pointroll cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2371)
    6:32 PM: Found Spy Cookie: cd freaks cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2295)
    6:32 PM: Found Spy Cookie: belointeractive cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2088)
     
  8. Taves

    Taves Thread Starter

    Joined:
    Jul 27, 2007
    Messages:
    9
    (3 of 4)

    6:32 PM: Found Spy Cookie: adrevolver cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 3400)
    6:32 PM: Found Spy Cookie: specificclick.com cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][2].txt (ID = 2768)
    6:32 PM: Found Spy Cookie: hbmediapro cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2063)
    6:32 PM: Found Spy Cookie: adecn cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3751)
    6:32 PM: Found Spy Cookie: yieldmanager cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 2729)
    6:32 PM: Found Spy Cookie: go.com cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 3665)
    6:32 PM: Found Spy Cookie: websponsors cookie
    6:32 PM: c:\documents and settings\scad - adam toews\cookies\scad - adam [email protected][1].txt (ID = 1957)
    6:32 PM: Found Spy Cookie: 2o7.net cookie
    6:32 PM: Starting Cookie Sweep
    6:32 PM: Registry Sweep Complete, Elapsed Time:00:00:18
    6:32 PM: HKU\S-1-5-21-2749377866-2736417137-3302068212-1005\software\microsoft\windows\currentversion\ext\stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6}\ (ID = 1922744)
    6:32 PM: Found Adware: coolwebsearch (cws)
    6:32 PM: HKU\S-1-5-21-2749377866-2736417137-3302068212-1005\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
    6:32 PM: HKU\S-1-5-21-2749377866-2736417137-3302068212-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
    6:32 PM: Found Adware: ist sidefind
    6:32 PM: HKU\S-1-5-21-2749377866-2736417137-3302068212-1005\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (ID = 125589)
    6:32 PM: HKU\S-1-5-21-2749377866-2736417137-3302068212-1005\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (ID = 125589)
    6:32 PM: Found Adware: webrebates
    6:32 PM: HKU\S-1-5-21-2749377866-2736417137-3302068212-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
    6:32 PM: Found Adware: ebates money maker
    6:32 PM: HKU\S-1-5-21-2749377866-2736417137-3302068212-1005\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
    6:32 PM: HKU\S-1-5-21-2749377866-2736417137-3302068212-1005\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
    6:32 PM: Found Adware: cws-aboutblank
    6:32 PM: HKLM\software\microsoft\aoprndtws\ (ID = 2128500)
    6:32 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\vtsts\ (ID = 1590579)
    6:32 PM: HKLM\software\ql\ (ID = 359458)
    6:32 PM: Found Adware: quicklink search toolbar
    6:32 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\istbaristbar\ (ID = 129119)
    6:32 PM: Found Adware: ist istbar
    6:32 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\hdplugin1019.dll (ID = 126786)
    6:32 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hdplugin1019.dll\ (ID = 126765)
    6:32 PM: Found Adware: gain - common components
    6:32 PM: HKLM\software\classes\appid\{bac984c9-78c8-4105-9e97-1675a4052686}\ (ID = 106526)
    6:32 PM: HKLM\software\classes\appid\dmserver.exe\ (ID = 106525)
    6:32 PM: HKCR\appid\{bac984c9-78c8-4105-9e97-1675a4052686}\ (ID = 106304)
    6:32 PM: HKCR\appid\dmserver.exe\ (ID = 106303)
    6:32 PM: Found Adware: comet cursor
    6:32 PM: HKCR\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}\ (ID = 103460)
    6:32 PM: Found Adware: altnet
    6:32 PM: Starting Registry Sweep
    6:32 PM: Memory Sweep Complete, Elapsed Time: 00:01:50
    6:30 PM: Detected running threat: C:\WINDOWS\SYSTEM32\ljjhige.dll (ID = 676)
    6:30 PM: Detected running threat: C:\WINDOWS\SYSTEM32\vtsts.dll (ID = 676)
    6:30 PM: Found Adware: virtumonde
    6:30 PM: Starting Memory Sweep
    6:30 PM: Start Custom Sweep
    6:30 PM: Sweep initiated using definitions version 956
    Operation: File Access
    Target:
    Source: C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSYSMON.EXE
    6:26 PM: Tamper Detection
    6:25 PM: Access to Hosts file blocked for C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSYSMON.EXE
    6:25 PM: Access to Hosts file blocked for C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSYSMON.EXE
    6:24 PM: The Internet Communication shield has blocked access to: 82.98.235.61
    Operation: File Access
    Target:
    Source: C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSHIELD.EXE
    6:24 PM: Tamper Detection
    Keylogger: Off
    6:24 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
    E-mail Attachment: On
    6:24 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    File System Shield: On
    Execution Shield: On
    System Services Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    6:23 PM: Shield States
    6:23 PM: License Check Status (0): Success
    6:23 PM: Spyware Definitions: 956
    6:23 PM: Spy Sweeper 5.5.7.48 started
    6:23 PM: Spy Sweeper 5.5.7.48 started
    6:23 PM: | Start of Session, Sunday, July 29, 2007 |
    ***************
     
  9. Taves

    Taves Thread Starter

    Joined:
    Jul 27, 2007
    Messages:
    9
    (4 of 4)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:40:34 PM, on 7/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\1159473560\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\PerSono\perstray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.scad.edu/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {3901CDFC-9B6F-4529-B647-037A96D00A04} - C:\WINDOWS\system32\ssqpn.dll (file missing)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\qhtweuia.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
    O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1159473560\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DivX Player] DivXPlayer.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Perstray.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3189f083dc2c58dc8320/netzip/RdxIE601.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148575430453
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 12189 bytes
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.

    Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

    O2 - BHO: (no name) - {3901CDFC-9B6F-4529-B647-037A96D00A04} - C:\WINDOWS\system32\ssqpn.dll (file missing)

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\qhtweuia.dll

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3189f083...p/RdxIE601.cab


    Reboot and post another Hijack This log please.
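The fix list above was picked from the HijackThis log by two cues, an unnamed BHO/button and a registry entry whose file is already gone, and the rescan is what confirms the fix took. The following is an added example (not part of this thread, and not code from HijackThis or The Avenger) that parses HijackThis entry lines, flags entries on those two cues, and checks a rescan for any CLSID from the fix list that is still present; the sample lines are copied from the logs posted in this thread.

```python
import re
from dataclasses import dataclass

# HijackThis separates fields inside an entry with " - "; a CLSID is the {GUID} token.
ENTRY_RE = re.compile(r"^(?P<section>O\d+|R\d) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input copied from this thread: the fix list, and the O2 block of the rescan log.
FIX_LIST = r"""
O2 - BHO: (no name) - {3901CDFC-9B6F-4529-B647-037A96D00A04} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\qhtweuia.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3189f083...p/RdxIE601.cab
"""
AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
"""

@dataclass
class Entry:
    section: str    # O2, O9, O16, ...
    kind: str       # BHO, Extra button, DPF, ...
    name: str       # display name, or "(no name)"
    clsid: str      # upper-cased {GUID}, "" when the entry has none
    target: str     # file path, URL, or "(no file)"
    reasons: tuple  # why the entry deserves a look; empty for ordinary entries

def parse_entry(line):
    """Parse one HijackThis line; returns None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    parts = [p.strip() for p in m["rest"].split(" - ")]
    clsid = CLSID_RE.search(m["rest"])
    name, target = parts[0], (parts[-1] if len(parts) > 1 else "")
    reasons = []
    if name == "(no name)":          # unnamed BHO or button
        reasons.append("unnamed")
    if target == "(no file)" or "(file missing)" in target:
        reasons.append("file missing")  # leftover entry pointing at a file that is gone
    return Entry(m["section"], m["kind"], name,
                 clsid.group(0).upper() if clsid else "", target, tuple(reasons))

def triage(log_text):
    """Entries worth reviewing, in log order."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e and e.reasons]

def remaining_after_fix(fix_list, rescan_log):
    """CLSIDs from the fix list that a post-fix rescan still shows (should be empty)."""
    ids = lambda text: {e.clsid for e in map(parse_entry, text.splitlines()) if e and e.clsid}
    return sorted(ids(fix_list) & ids(rescan_log))
```

Run against the thread's rescan, `remaining_after_fix` comes back empty, while `triage(AFTER_LOG)` still surfaces one unnamed "(no file)" BHO that was not in the fix list.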
     
  11. Taves

    Taves Thread Starter

    Joined:
    Jul 27, 2007
    Messages:
    9
    Ran both.
    Everything seemed to go fine.

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\pdictoty

    *******************

    Script file located at: \??\C:\Documents and Settings\smnyrapx.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\qhtweuia.dll deleted successfully.


    File C:\WINDOWS\SYSTEM32\npqss.bak1 not found!
    Deletion of file C:\WINDOWS\SYSTEM32\npqss.bak1 failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\npqss.bak1
    Status: 0xc0000034



    File C:\WINDOWS\SYSTEM32\ssqpn.dll not found!
    Deletion of file C:\WINDOWS\SYSTEM32\ssqpn.dll failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\ssqpn.dll
    Status: 0xc0000034

    File C:\WINDOWS\SYSTEM32\yayxyww.dll deleted successfully.


    File C:\WINDOWS\SYSTEM32\ljjhige.dll not found!
    Deletion of file C:\WINDOWS\SYSTEM32\ljjhige.dll failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\ljjhige.dll
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:44:45 PM, on 7/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Common Files\AOL\1159473560\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\PerSono\perstray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.scad.edu/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
    O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1159473560\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DivX Player] DivXPlayer.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Perstray.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148575430453
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 11648 bytes
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Great. How are things now?
     
  13. Taves

    Taves Thread Starter

    Joined:
    Jul 27, 2007
    Messages:
    9
    Everything seems to be in working order!

    I uninstalled the Webroot Spy Sweeper program, because it had trouble loading sometimes when the computer was reset or booted up, in turn slowing everything else down.

    But no more pop-ups! At least, here's to hoping.

    Thank you so much for the help. I appreciate it more than I can say. You guys all do great things for people on a regular basis.

    Thanks again!
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're welcome :)

    Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer.

    Turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

    You can mark your thread "Solved" from the Thread Tools drop down menu.
     
Short URL to this thread: https://techguy.org/601250

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice