
Solved: Still having trouble with Spyware

Discussion in 'Virus & Other Malware Removal' started by doorag, Jan 22, 2006.

  1. doorag

    doorag Guest Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    22
    Yeah, it's the new kid on the block. My computer is still getting infected with spyware. I can't get this stuff to stop popping up. If I do a system restore back to the date I got the computer, will that make it go away?
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    hi, welcome to TSG.

    Download HijackThis from the link below. Please do this. Click here:

    http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

    to download HijackThis. Click Scan and save a logfile, then post it here so
    we can take a look at it for you. Don't click Fix on anything in HijackThis,
    as most of the files are legitimate.
     
  3. doorag

    doorag Guest Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    22
    Hey Khazars. Thanks for replying. Sorry for the wait, I hope you're still there. I already have HijackThis, so here's the logfile. I also have ewido, so I'll place a copy of that scan too. Well, I'm just going to put the couple that I saved. Hopefully this will help you to help me.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:49:34 AM, on 1/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:20:47 AM, 1/22/2006
    + Report-Checksum: EA471F9A

    + Scan result:

    No infected objects found.


    ::Report End

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 3:42:51 PM, 1/20/2006
    + Report-Checksum: 71E7D539

    + Scan result:

    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup


    ::Report End

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:49:43 AM, 1/19/2006
    + Report-Checksum: 9D32F093

    + Scan result:

    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup


    ::Report End

    Oh yeah, while I'm bugging you: can I do Start > Run > %temp%, select all and delete, without losing anything important?
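The HijackThis log above is the kind of thing a helper reads by eye. As an added example (the editor's own, not code posted in this thread or shipped with HijackThis), here is a small Python triage script that parses the numbered entries and flags the ones that deserve a look first: dead "(file missing)" entries, autostarts that run from outside the Windows and Program Files trees, ActiveX downloads (O16) and browser start/search pages (R0/R1). The allowlist of trusted directories and the flag rules are this example's own heuristics, not HijackThis rules; the sample lines are copied from the log above except for one constructed Temp-folder autostart, labelled as such in the code.

```python
"""Triage a HijackThis 1.99 log.

Added example (the editor's own, not code from the thread or from HijackThis).
It parses the "O4 - ..." style entries, pulls the file path or URL each one
references, and attaches review flags using a few heuristics an analyst applies
by eye. The sample lines at the bottom are copied from the log in the thread,
except the one marked CONSTRUCTED.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|scr|cab|htm|html))', re.I)
URL_RE = re.compile(r'(https?://[^\s"]+)', re.I)

# Where autostart binaries normally live on an XP box. A heuristic allowlist,
# not a verdict: adware installs under Program Files too, so a trusted prefix
# only lowers priority, it does not clear the entry.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
AUTOSTART_CODES = {"O2", "O3", "O4", "O20", "O21", "O23"}


@dataclass
class Entry:
    code: str
    body: str
    target: Optional[str]                 # file path or URL the entry points at
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an 'Oxx - ...' line, None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None                       # header, process list, blank line
    body = m.group("body")
    path = PATH_RE.search(body)
    url = URL_RE.search(body)
    target = path.group(1) if path else (url.group(1) if url else None)
    return Entry(m.group("code"), body, target)


def assess(e: Entry) -> Entry:
    """Attach review flags; an empty flags list means 'nothing stood out'."""
    body_l = e.body.lower()
    target_l = (e.target or "").lower()
    if "(file missing)" in body_l:
        e.flags.append("dead entry: referenced file is missing")
    if e.code in AUTOSTART_CODES and re.match(r"[a-z]:\\", target_l):
        if not target_l.startswith(TRUSTED_PREFIXES):
            e.flags.append("autostart outside Windows/Program Files")
        elif target_l.startswith("c:\\windows\\") and "\\system32\\" not in target_l:
            e.flags.append("executable directly under %WINDIR%")
    if e.code == "O16":
        e.flags.append("ActiveX control IE will download: confirm the host")
    if e.code in {"R0", "R1"} and e.target:
        e.flags.append("browser start/search page: confirm the host")
    return e


def triage(log_text: str) -> List[Entry]:
    return [assess(e) for e in map(parse_line, log_text.splitlines()) if e]


def flagged(log_text: str) -> List[Tuple[str, List[str]]]:
    """(code + target, flags) for every entry that got at least one flag."""
    return [(f"{e.code} {e.target}", e.flags) for e in triage(log_text) if e.flags]


SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O4 - HKLM\..\Run: [mpagent] C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mpagent.exe
"""
# The final O4 line is CONSTRUCTED for this example (an adware-style autostart
# launched from a user's Temp folder); every other line is from the thread.

if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG):
        print(name, "->", "; ".join(flags))
```

Run it directly and it prints three flagged entries: the WeatherBug button whose file is gone, the ewido ActiveX download, and the constructed Temp-folder autostart. Everything else in the sample, including the HP and Real entries, passes quietly, which matches the helper's reading of the real log.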
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    I don't see anything in your log, and nothing in the ewido scan log. Are you getting any pop-ups or reports from your security programmes of spyware?


    Make sure you disable ewido's security guard, as it can interfere with the removal of viruses/spyware etc!


    You don't appear to have a firewall. Even if you have a router you still need
    a software firewall; download the one from the link below!

    Filseclab Personal Firewall Professional Edition

    http://www.filseclab.com/eng/download/downloads.htm

    http://www.wilderssecurity.com/showthread.php?t=92710



    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

    http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129


    * Click the Free Trial link under "Downloads/SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.
    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.


    Download Cleanup:


    http://www.stevengould.org/software/cleanup/download.html


    * A window will open and choose SAVE, then DESKTOP as the destination.
    * On your Desktop, click on Cleanup40.exe icon.
    * Then, click RUN and place a checkmark beside "I Agree"
    * Then click NEXT followed by START and OK.
    * A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    * Click OK
    * Run Cleanup.



    Run an online antivirus check from

    http://www.kaspersky.com/virusscanner

    Choose the extended database for the scan!



    Run ActiveScan online virus scan here

    http://www.pandasoftware.com/products/activescan.htm

    When the scan is finished, anything that it cannot clean have it delete it.
    Make a note of the file location of anything that cannot be deleted so you
    can delete it yourself.
    - Save the results from the scan!



    Post another HijackThis log, plus the Kaspersky and ActiveScan logs.
     
  5. doorag

    doorag Guest Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    22
    Here's the log. I saw something that showed up with my original problem. I hope this gets all of it; I'm on to the next step.


    10:32 AM: | Start of Session, Sunday, January 22, 2006 |
    10:32 AM: Spy Sweeper started
    10:32 AM: Sweep initiated using definitions version 604
    10:32 AM: Starting Memory Sweep
    10:36 AM: Memory Sweep Complete, Elapsed Time: 00:04:24
    10:36 AM: Starting Registry Sweep
    10:37 AM: Found Adware: weirdontheweb
    10:37 AM: HKCR\amnotifier.hubawindow\ (5 subtraces) (ID = 866632)
    10:37 AM: HKCR\amnotifier.hubawindow.1\ (3 subtraces) (ID = 866638)
    10:37 AM: Found Adware: mediapipe
    10:37 AM: HKCR\downloadmanager.manager\ (5 subtraces) (ID = 866642)
    10:37 AM: HKCR\downloadmanager.manager.1\ (3 subtraces) (ID = 866648)
    10:37 AM: HKCR\mpagent.agent\ (5 subtraces) (ID = 866662)
    10:37 AM: HKCR\mpagent.agent.1\ (3 subtraces) (ID = 866668)
    10:37 AM: HKCR\appid\amnotifier.exe\ (1 subtraces) (ID = 866682)
    10:37 AM: HKCR\appid\downloadmanager.exe\ (1 subtraces) (ID = 866684)
    10:37 AM: HKCR\appid\mpagent.dll\ (1 subtraces) (ID = 866688)
    10:37 AM: HKCR\appid\trayicon.exe\ (1 subtraces) (ID = 866692)
    10:37 AM: HKCR\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (1 subtraces) (ID = 866694)
    10:37 AM: HKCR\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (1 subtraces) (ID = 866698)
    10:37 AM: HKCR\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (1 subtraces) (ID = 866702)
    10:37 AM: HKCR\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (1 subtraces) (ID = 866704)
    10:37 AM: HKCR\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (11 subtraces) (ID = 866706)
    10:37 AM: HKCR\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (11 subtraces) (ID = 866735)
    10:37 AM: Found Trojan Horse: p2pnetwork
    10:37 AM: HKCR\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (12 subtraces) (ID = 866747)
    10:37 AM: HKCR\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (9 subtraces) (ID = 866796)
    10:37 AM: HKCR\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (9 subtraces) (ID = 866816)
    10:37 AM: HKCR\typelib\{afdbb222-dea9-4c12-b3a3-a13c2985e3ee}\ (9 subtraces) (ID = 866826)
    10:37 AM: HKCR\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (9 subtraces) (ID = 866836)
    10:37 AM: HKLM\software\mediapipe\ (16 subtraces) (ID = 866893)
    10:37 AM: HKLM\software\classes\amnotifier.hubawindow\ (5 subtraces) (ID = 866911)
    10:37 AM: HKLM\software\classes\amnotifier.hubawindow.1\ (3 subtraces) (ID = 866917)
    10:37 AM: HKLM\software\classes\amnotifier.hubawindow.1\clsid\ (1 subtraces) (ID = 866919)
    10:37 AM: HKLM\software\classes\downloadmanager.manager\ (5 subtraces) (ID = 866921)
    10:37 AM: HKLM\software\classes\downloadmanager.manager.1\ (3 subtraces) (ID = 866927)
    10:37 AM: HKLM\software\classes\mpagent.agent\ (5 subtraces) (ID = 866941)
    10:37 AM: HKLM\software\classes\mpagent.agent.1\ (3 subtraces) (ID = 866947)
    10:37 AM: HKLM\software\classes\appid\amnotifier.exe\ (1 subtraces) (ID = 866961)
    10:37 AM: HKLM\software\classes\appid\downloadmanager.exe\ (1 subtraces) (ID = 866963)
    10:37 AM: HKLM\software\classes\appid\mpagent.dll\ (1 subtraces) (ID = 866967)
    10:37 AM: HKLM\software\classes\appid\trayicon.exe\ (1 subtraces) (ID = 866971)
    10:37 AM: HKLM\software\classes\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (1 subtraces) (ID = 866973)
    10:37 AM: HKLM\software\classes\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (1 subtraces) (ID = 866977)
    10:37 AM: HKLM\software\classes\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (1 subtraces) (ID = 866981)
    10:37 AM: HKLM\software\classes\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (1 subtraces) (ID = 866983)
    10:37 AM: HKLM\software\classes\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (11 subtraces) (ID = 866985)
    10:37 AM: HKLM\software\classes\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (11 subtraces) (ID = 867014)
    10:37 AM: HKLM\software\classes\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (12 subtraces) (ID = 867026)
    10:37 AM: HKLM\software\classes\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (9 subtraces) (ID = 867075)
    10:37 AM: HKLM\software\classes\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (9 subtraces) (ID = 867095)
    10:37 AM: HKLM\software\classes\typelib\{afdbb222-dea9-4c12-b3a3-a13c2985e3ee}\ (9 subtraces) (ID = 867105)
    10:37 AM: HKLM\software\classes\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (9 subtraces) (ID = 867115)
    10:37 AM: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ || c:\program files\p2pnetworks\p2pnetworks.exe (ID = 871570)
    10:37 AM: HKLM\software\itbill\ (36 subtraces) (ID = 1100414)
    10:37 AM: Registry Sweep Complete, Elapsed Time:00:00:29
    10:37 AM: Starting Cookie Sweep
    10:37 AM: Found Spy Cookie: primaryads cookie
    10:37 AM: [email protected][2].txt (ID = 3190)
    10:37 AM: Found Spy Cookie: websponsors cookie
    10:37 AM: [email protected][2].txt (ID = 3665)
    10:37 AM: Found Spy Cookie: adknowledge cookie
    10:37 AM: [email protected][1].txt (ID = 2072)
    10:37 AM: Found Spy Cookie: adrevolver cookie
    10:37 AM: [email protected][1].txt (ID = 2088)
    10:37 AM: [email protected][2].txt (ID = 2088)
    10:37 AM: Found Spy Cookie: apmebf cookie
    10:37 AM: [email protected][2].txt (ID = 2229)
    10:37 AM: Found Spy Cookie: aptimus cookie
    10:37 AM: [email protected][2].txt (ID = 2233)
    10:37 AM: Found Spy Cookie: ask cookie
    10:37 AM: [email protected][1].txt (ID = 2245)
    10:37 AM: Found Spy Cookie: atwola cookie
    10:37 AM: [email protected][1].txt (ID = 2255)
    10:37 AM: Found Spy Cookie: azjmp cookie
    10:37 AM: [email protected][1].txt (ID = 2270)
    10:37 AM: Found Spy Cookie: belnk cookie
    10:37 AM: [email protected][1].txt (ID = 2292)
    10:37 AM: Found Spy Cookie: bravenet cookie
    10:37 AM: [email protected][1].txt (ID = 2322)
    10:37 AM: Found Spy Cookie: ccbill cookie
    10:37 AM: [email protected][2].txt (ID = 2369)
    10:37 AM: Found Spy Cookie: classmates cookie
    10:37 AM: [email protected][2].txt (ID = 2384)
    10:37 AM: Found Spy Cookie: coolsavings cookie
    10:37 AM: [email protected][2].txt (ID = 2465)
    10:37 AM: Found Spy Cookie: directtrack cookie
    10:37 AM: [email protected][1].txt (ID = 2527)
    10:37 AM: [email protected][2].txt (ID = 2293)
    10:37 AM: Found Spy Cookie: iwon cookie
    10:37 AM: [email protected][1].txt (ID = 2884)
    10:37 AM: [email protected][1].txt (ID = 2883)
    10:37 AM: Found Spy Cookie: sb01 cookie
    10:37 AM: [email protected][2].txt (ID = 3288)
    10:37 AM: Found Spy Cookie: metareward.com cookie
    10:37 AM: [email protected][1].txt (ID = 2990)
    10:37 AM: [email protected][2].txt (ID = 2235)
    10:37 AM: Found Spy Cookie: realmedia cookie
    10:37 AM: [email protected][1].txt (ID = 3235)
    10:37 AM: [email protected][1].txt (ID = 2466)
    10:37 AM: [email protected][2].txt (ID = 2528)
    10:37 AM: Found Spy Cookie: tickle cookie
    10:37 AM: [email protected][2].txt (ID = 3529)
    10:37 AM: Found Spy Cookie: tripod cookie
    10:37 AM: [email protected][1].txt (ID = 3591)
    10:37 AM: [email protected][1].txt (ID = 2991)
    10:37 AM: Found Spy Cookie: franklinsurveys cookie
    10:37 AM: [email protected][1].txt (ID = 2689)
    10:37 AM: Found Spy Cookie: zedo cookie
    10:37 AM: [email protected][1].txt (ID = 3762)
    10:37 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03
    10:37 AM: Starting File Sweep
    10:37 AM: c:\my accessmedia (1 subtraces) (ID = -2147469182)
    10:37 AM: a0006722.exe (ID = 162703)
    10:39 AM: Found Adware: networkessentials
    10:39 AM: a0006708.dll (ID = 71040)
    10:39 AM: a0006710.dll (ID = 71040)
    10:51 AM: Found Adware: whenu savenow
    10:51 AM: a0004531.exe (ID = 188685)
    10:53 AM: mediapipe.lnk (ID = 201284)
    10:53 AM: mediapipe.ini (ID = 162695)
    10:53 AM: a0006733.ini (ID = 162695)
    10:56 AM: Warning: Invalid file - not a PKZip file
    10:56 AM: File Sweep Complete, Elapsed Time: 00:19:20
    10:56 AM: Full Sweep has completed. Elapsed time 00:24:23
    10:56 AM: Traces Found: 342
    11:02 AM: Removal process initiated
    11:02 AM: Quarantining All Traces: p2pnetwork
    11:02 AM: Quarantining All Traces: mediapipe
    11:03 AM: Quarantining All Traces: networkessentials
    11:03 AM: Quarantining All Traces: weirdontheweb
    11:03 AM: Quarantining All Traces: adknowledge cookie
    11:03 AM: Quarantining All Traces: adrevolver cookie
    11:03 AM: Quarantining All Traces: apmebf cookie
    11:03 AM: Quarantining All Traces: aptimus cookie
    11:03 AM: Quarantining All Traces: ask cookie
    11:03 AM: Quarantining All Traces: atwola cookie
    11:03 AM: Quarantining All Traces: azjmp cookie
    11:03 AM: Quarantining All Traces: belnk cookie
    11:03 AM: Quarantining All Traces: bravenet cookie
    11:03 AM: Quarantining All Traces: ccbill cookie
    11:03 AM: Quarantining All Traces: classmates cookie
    11:03 AM: Quarantining All Traces: coolsavings cookie
    11:03 AM: Quarantining All Traces: directtrack cookie
    11:03 AM: Quarantining All Traces: franklinsurveys cookie
    11:03 AM: Quarantining All Traces: iwon cookie
    11:03 AM: Quarantining All Traces: metareward.com cookie
    11:03 AM: Quarantining All Traces: primaryads cookie
    11:03 AM: Quarantining All Traces: realmedia cookie
    11:03 AM: Quarantining All Traces: sb01 cookie
    11:03 AM: Quarantining All Traces: tickle cookie
    11:03 AM: Quarantining All Traces: tripod cookie
    11:03 AM: Quarantining All Traces: websponsors cookie
    11:03 AM: Quarantining All Traces: whenu savenow
    11:03 AM: Quarantining All Traces: zedo cookie
    11:03 AM: Removal process completed. Elapsed time 00:00:23
    ********
    10:27 AM: | Start of Session, Sunday, January 22, 2006 |
    10:27 AM: Spy Sweeper started
    10:28 AM: Your spyware definitions have been updated.
    10:32 AM: | End of Session, Sunday, January 22, 2006 |
    RE OF MOVIELAND.COM. That's how this all started.
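The Spy Sweeper session log above lists several hundred traces, and two details are easy to miss in it: the registry value under FirewallPolicy\StandardProfile\AuthorizedApplications\List, which is the Windows Firewall exception list (so p2pnetworks.exe had whitelisted itself), and the a000NNNN.exe/.dll/.ini traces, which are System Restore snapshot copies. As an added example (the editor's own, not code from the thread or from Webroot), here is a Python script that summarises a session log per threat and pulls those two kinds of trace out explicitly. Phase and threat attribution follows the log's own sequencing, with the limitation stated in the docstring; the sample log is a subset of the one above, except that the cookie filename is constructed because the one in the thread is obscured.

```python
"""Summarise a Webroot Spy Sweeper session log.

Added example (the editor's own, not part of the thread or of Spy Sweeper). It
walks the timestamped lines, tracks the sweep phase and the threat named by the
most recent "Found ...:" line, and buckets each trace under that threat. Two
kinds of trace get pulled out explicitly because they change what the analyst
does next:

  * a value under ...\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    means the program registered itself as a Windows Firewall exception;
  * files named A000NNNN.* are System Restore snapshot copies, which is why the
    sweep must include the System Restore folder and why one can still turn up
    after the originals are gone.

Caveat: Spy Sweeper prints "Found" only the first time it sees a threat, so a
later trace of an already-named threat is listed under whichever threat was
named most recently; traces seen before any "Found" line in a new phase are
bucketed as unattributed rather than guessed at. The sample log is copied from
the thread except the cookie filename, which is CONSTRUCTED.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

LINE_RE = re.compile(r"^\d{1,2}:\d{2} [AP]M: (?P<msg>.*)$")
PHASE_RE = re.compile(r"^Starting (?P<phase>\w+) Sweep$")
FOUND_RE = re.compile(r"^Found (?P<kind>[\w ]+?): (?P<name>.+)$")
TRACE_RE = re.compile(r"^(?P<trace>.+?)(?: \(\d+ subtraces\))? \(ID = -?\d+\)$")
RESTORE_COPY_RE = re.compile(r"^a\d{7}\.\w+$", re.I)     # e.g. a0006722.exe


def classify(trace: str, phase: str) -> str:
    t = trace.lower()
    if "\\firewallpolicy\\" in t and "\\authorizedapplications\\" in t:
        return "firewall_exception"
    if t.startswith(("hkcr\\", "hklm\\", "hkcu\\", "hku\\")):
        return "registry"
    if RESTORE_COPY_RE.match(t):
        return "restore_copy"
    return "cookie" if phase == "cookie" else "file"


def _empty() -> Dict:
    return {"kind": None, "registry": 0, "cookie": 0, "file": 0,
            "restore_copy": 0, "firewall_exception": []}


def summarise(log_text: str) -> Dict[str, Dict]:
    """{threat: {"kind": ..., counts per trace class, "firewall_exception": [exe, ...]}}"""
    summary: Dict[str, Dict] = defaultdict(_empty)
    phase, threat = None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        p = PHASE_RE.match(msg)
        if p:
            # New phase: the log does not repeat "Found" for threats already
            # named, so start with no attribution rather than a stale one.
            phase, threat = p.group("phase").lower(), None
            continue
        f = FOUND_RE.match(msg)
        if f:
            threat = f.group("name").strip()
            summary[threat]["kind"] = f.group("kind")
            continue
        t = TRACE_RE.match(msg)
        if not t:
            continue                      # status/warning line, not a trace
        trace = t.group("trace")
        bucket = threat or f"(unattributed, {phase} sweep)"
        kind = classify(trace, phase)
        if kind == "firewall_exception":
            # "<key>\ || <value name>": the value name is the whitelisted exe.
            summary[bucket]["firewall_exception"].append(trace.split("||", 1)[1].strip())
        else:
            summary[bucket][kind] += 1
    return dict(summary)


def firewall_exceptions(log_text: str) -> List[Tuple[str, str]]:
    """(threat, exe) for every Windows Firewall exception the sweep found."""
    return [(name, exe) for name, d in summarise(log_text).items()
            for exe in d["firewall_exception"]]


SAMPLE_LOG = r"""
10:32 AM: | Start of Session, Sunday, January 22, 2006 |
10:32 AM: Sweep initiated using definitions version 604
10:36 AM: Starting Registry Sweep
10:37 AM: Found Adware: weirdontheweb
10:37 AM: HKCR\amnotifier.hubawindow\ (5 subtraces) (ID = 866632)
10:37 AM: HKCR\amnotifier.hubawindow.1\ (3 subtraces) (ID = 866638)
10:37 AM: Found Adware: mediapipe
10:37 AM: HKCR\downloadmanager.manager\ (5 subtraces) (ID = 866642)
10:37 AM: HKLM\software\mediapipe\ (16 subtraces) (ID = 866893)
10:37 AM: Found Trojan Horse: p2pnetwork
10:37 AM: HKCR\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (12 subtraces) (ID = 866747)
10:37 AM: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ || c:\program files\p2pnetworks\p2pnetworks.exe (ID = 871570)
10:37 AM: Registry Sweep Complete, Elapsed Time:00:00:29
10:37 AM: Starting Cookie Sweep
10:37 AM: Found Spy Cookie: zedo cookie
10:37 AM: compaq_owner@zedo[1].txt (ID = 3762)
10:37 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03
10:37 AM: Starting File Sweep
10:37 AM: c:\my accessmedia (1 subtraces) (ID = -2147469182)
10:37 AM: a0006722.exe (ID = 162703)
10:39 AM: Found Adware: networkessentials
10:39 AM: a0006708.dll (ID = 71040)
10:39 AM: a0006710.dll (ID = 71040)
10:56 AM: Warning: Invalid file - not a PKZip file
10:56 AM: File Sweep Complete, Elapsed Time: 00:19:20
"""
# The cookie line is CONSTRUCTED; all other lines are from the thread's log.

if __name__ == "__main__":
    for name, d in summarise(SAMPLE_LOG).items():
        print(f"{name:35} {d}")
    print("firewall exceptions:", firewall_exceptions(SAMPLE_LOG))
```

Run directly, it prints one summary row per threat plus an unattributed row for the two file traces that appear before any "Found" line in the file sweep. On a real log, every exe listed under firewall exceptions should be gone from that AuthorizedApplications\List key once removal completes, which is a quick thing to re-check with a second sweep or in regedit.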
     
  6. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    OK, post the other logs when finished!
     
  7. doorag

    doorag Guest Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    22
    Well, here is the log; I actually had to run it twice. There was some type of problem with someone trying to reset the default settings in my Money account when I tried to run the online scanner from this site: http://www.kaspersky.com/virusscanner. I haven't done anything since that happened, so what should I do now?

    ********
    11:42 AM: | Start of Session, Sunday, January 22, 2006 |
    11:42 AM: Spy Sweeper started
    11:42 AM: Sweep initiated using definitions version 604
    11:42 AM: Starting Memory Sweep
    11:47 AM: Memory Sweep Complete, Elapsed Time: 00:05:22
    11:47 AM: Starting Registry Sweep
    11:48 AM: Registry Sweep Complete, Elapsed Time:00:01:05
    11:48 AM: Starting Cookie Sweep
    11:48 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    11:49 AM: Starting File Sweep
    11:49 AM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
    12:02 PM: Found Adware: mediapipe
    12:02 PM: a0007825.ini (ID = 162695)
    12:06 PM: File Sweep Complete, Elapsed Time: 00:17:17
    12:06 PM: Full Sweep has completed. Elapsed time 00:23:53
    12:06 PM: Traces Found: 1
    10:37 AM: [email protected][2].txt (ID = 2528)
    10:37 AM: Found Spy Cookie: tickle cookie
    10:37 AM: [email protected][2].txt (ID = 3529)
    10:37 AM: Found Spy Cookie: tripod cookie
    10:37 AM: [email protected][1].txt (ID = 3591)
    10:37 AM: [email protected][1].txt (ID = 2991)
    10:37 AM: Found Spy Cookie: franklinsurveys cookie
    10:37 AM: [email protected][1].txt (ID = 2689)
    10:37 AM: Found Spy Cookie: zedo cookie
    10:37 AM: [email protected][1].txt (ID = 3762)
    10:37 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03
    10:37 AM: Starting File Sweep
    10:37 AM: c:\my accessmedia (1 subtraces) (ID = -2147469182)
    10:37 AM: a0006722.exe (ID = 162703)
    10:39 AM: Found Adware: networkessentials
    10:39 AM: a0006708.dll (ID = 71040)
    10:39 AM: a0006710.dll (ID = 71040)
    10:51 AM: Found Adware: whenu savenow
    10:51 AM: a0004531.exe (ID = 188685)
    10:53 AM: mediapipe.lnk (ID = 201284)
    10:53 AM: mediapipe.ini (ID = 162695)
    10:53 AM: a0006733.ini (ID = 162695)
    10:56 AM: Warning: Invalid file - not a PKZip file
    10:56 AM: File Sweep Complete, Elapsed Time: 00:19:20
    10:56 AM: Full Sweep has completed. Elapsed time 00:24:23
    10:56 AM: Traces Found: 342
    11:02 AM: Removal process initiated
    11:02 AM: Quarantining All Traces: p2pnetwork
    11:02 AM: Quarantining All Traces: mediapipe
    11:03 AM: Quarantining All Traces: networkessentials
    11:03 AM: Quarantining All Traces: weirdontheweb
    11:03 AM: Quarantining All Traces: adknowledge cookie
    11:03 AM: Quarantining All Traces: adrevolver cookie
    11:03 AM: Quarantining All Traces: apmebf cookie
    11:03 AM: Quarantining All Traces: aptimus cookie
    11:03 AM: Quarantining All Traces: ask cookie
    11:03 AM: Quarantining All Traces: atwola cookie
    11:03 AM: Quarantining All Traces: azjmp cookie
    11:03 AM: Quarantining All Traces: belnk cookie
    11:03 AM: Quarantining All Traces: bravenet cookie
    11:03 AM: Quarantining All Traces: ccbill cookie
    11:03 AM: Quarantining All Traces: classmates cookie
    11:03 AM: Quarantining All Traces: coolsavings cookie
    11:03 AM: Quarantining All Traces: directtrack cookie
    11:03 AM: Quarantining All Traces: franklinsurveys cookie
    11:03 AM: Quarantining All Traces: iwon cookie
    11:03 AM: Quarantining All Traces: metareward.com cookie
    11:03 AM: Quarantining All Traces: primaryads cookie
    11:03 AM: Quarantining All Traces: realmedia cookie
    11:03 AM: Quarantining All Traces: sb01 cookie
    11:03 AM: Quarantining All Traces: tickle cookie
    11:03 AM: Quarantining All Traces: tripod cookie
    11:03 AM: Quarantining All Traces: websponsors cookie
    11:03 AM: Quarantining All Traces: whenu savenow
    11:03 AM: Quarantining All Traces: zedo cookie
    11:03 AM: Removal process completed. Elapsed time 00:00:23
    11:42 AM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
    11:42 AM: | End of Session, Sunday, January 22, 2006 |
    ********
    10:27 AM: | Start of Session, Sunday, January 22, 2006 |
    10:27 AM: Spy Sweeper started
    10:28 AM: Your spyware definitions have been updated.
    10:32 AM: | End of Session, Sunday, January 22, 2006 |


    By the way, it really isn't my fault it's taking so long. You know, Sundays: the kids, the family, the phone, blah blah blah.
     
  8. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Can you post the Panda scan log and another HijackThis log?
     
  9. doorag

    doorag Guest Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    22
    Sorry for not finishing this yesterday, but I had some out-of-town guests pop in. I'm going to get the other logs and paste them shortly.
     

Short URL to this thread: https://techguy.org/436192
