Spy Sheriff Again...



#1
jacque_strap
New Member, 8 posts
I've read ALL the posts on this Spy Sheriff virus but nothing seems to work for me. I have the blue screen with the warning and the background properties are locked. Non of the anti-virus/spyware programs have picked it up, and most times when I'm in safe mode the computer crashes. Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 1:11:02 PM, on 6/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Endeavors\AppExpress\ece.exe
D:\WINNT\System32\CTSvcCDA.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\WINNT\SYSTEM32\DNTUS26.EXE
D:\WINNT\System32\svchost.exe
D:\WINNT\runservice.exe
D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\Web\svchost.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\atiptaxx.exe
D:\WINNT\system32\desk95.exe
D:\Program Files\Parallel Tasking\ptask.exe
D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
D:\WINNT\wt\updater\wcmdmgr.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
D:\WINNT\System32\svchost.exe
D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\EnterNet.exe
D:\WINNT\system32\wuauclt.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Cameron family\Desktop\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (D:\Documents and Settings\Cameron family\Application Data\Mozilla\Profiles\default\wbc5g5qa.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (D:\Documents and Settings\Cameron family\Application Data\Mozilla\Profiles\default\wbc5g5qa.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XNetIEObj Class - {1808648B-3102-4293-8AD3-06AF71D3321B} - D:\Program Files\Endeavors\AppExpress\bho_2_5_5_17070\bho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - D:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NewsUpd] D:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [Microsoft Cvrt] mscvrt32.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Parallel Tasking] D:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [wcmdmgr] D:\WINNT\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [AppExpress Client] "D:\Program Files\Endeavors\AppExpress\eSUser.exe" startslow
O4 - HKLM\..\Run: [PSGuard] D:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.1.4322] "D:\WINNT\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ssgrate.exe] D:\WINNT\system32\winsystems.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Dictionary - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Spelling - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Thesaurus - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Translate - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Web Search - D:\Program Files\Dictionary\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra button: Dictionary - {49CB114B-ABCD-3586-DCAB-40E243AC3737} - http://www.definition.net/ (file missing)
O9 - Extra 'Tools' menuitem: Dictionary - {49CB114B-ABCD-3586-DCAB-40E243AC3737} - http://www.definition.net/ (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinter...up/RiffLick.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.ea.com/do...ommon/ieell.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gov.pe.ca...rs/mgaxctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...ames/wtinst.cab
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - http://trials1.endea...nloads/OTAI.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {D6526FE0-E651-11CF-99CB-00C04FD64497} (Microsoft MSChat Control Object) - http://www.riffinter...p/MSChatOCX.Cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O23 - Service: Alerter - Unknown owner - D:\WINNT\Downloaded.exe (file missing)
O23 - Service: AppExpress Client - Endeavors Technology, Inc. - D:\Program Files\Endeavors\AppExpress\ece.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - D:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - D:\WINNT\runservice.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe
O23 - Service: Snake SockProxy Service (SkServer) - noname. http://snake.gnuchina.org - D:\WINNT\Web\svchost.exe


#2
Wizard
Retired Staff, 5,661 posts
Hello jacque_strap and Welcome!

I believe you have been completely hacked; it would appear, by some of the programs installed, that someone else is using your PC as a central IRC hub to do their dirty work!

Could you send me some samples of some files?

Have a look at these and tell me if you know where they came from

O23 - Service: Alerter - Unknown owner - D:\WINNT\Downloaded.exe (file missing)

O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - D:\WINNT\SYSTEM32\DNTUS26.EXE


O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe

O23 - Service: Snake SockProxy Service (SkServer) - noname. http://snake.gnuchina.org - D:\WINNT\Web\svchost.exe

#3
jacque_strap
Topic Starter, 8 posts
I have no idea where those files came from or what they are even. I tried to attach them to this post but it won't let me attach .exe files. Is there another way I could send them to you?

#4
Wizard
Retired Staff, 5,661 posts
I will send you a Private Message with my email!

Just create a folder on the Desktop and copy all the files to it, then right-click the new folder and select "Send to" and then select "Compressed Zipped Folder"!

Email the Zipped folder to me and then delete both the Zipped and New folder you created and Empty the Recycle bin!

O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe

This should be related to your Internet provider's high-speed service; if you can't determine that it is, then send it as well, otherwise I won't need to see it!

So send me all of these if you can:

D:\WINNT\system32\winsystems.exe

D:\WINNT\Downloaded.exe

D:\WINNT\SYSTEM32\DNTUS26.EXE

D:\WINNT\Web\svchost.exe << Make sure that file comes from that location only!

mscvrt32.exe << See if you can locate that as well and send it!

Now I need you to follow the directions in the link below and post back with a fresh HijackThis log when complete, please!

http://forums.subrat...?showtopic=3466

You already have Microsoft AntiSpyware so skip that part, but get Kaspersky installed and running and scan with it just as described!

#5
jacque_strap
Topic Starter, 8 posts
Okay, I did the scan with KAV in safe mode; it deleted 145 items but I still have the blue screen. Here's the latest log:

Logfile of HijackThis v1.99.1
Scan saved at 11:00:26 PM, on 6/17/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Endeavors\AppExpress\ece.exe
D:\WINNT\System32\CTSvcCDA.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\WINNT\SYSTEM32\DNTUS26.EXE
D:\WINNT\System32\svchost.exe
D:\WINNT\runservice.exe
D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\atiptaxx.exe
D:\WINNT\system32\desk95.exe
D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\WINNT\wt\updater\wcmdmgr.exe
D:\WINNT\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Documents and Settings\Cameron family\Desktop\HiJack This\HijackThis.exe
D:\WINNT\Microsoft.NET\Framework\v1.1.4322\ngen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (D:\Documents and Settings\Cameron family\Application Data\Mozilla\Profiles\default\wbc5g5qa.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (D:\Documents and Settings\Cameron family\Application Data\Mozilla\Profiles\default\wbc5g5qa.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XNetIEObj Class - {1808648B-3102-4293-8AD3-06AF71D3321B} - D:\Program Files\Endeavors\AppExpress\bho_2_5_5_17070\bho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - D:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NewsUpd] D:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [Microsoft Cvrt] mscvrt32.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [wcmdmgr] D:\WINNT\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [AppExpress Client] "D:\Program Files\Endeavors\AppExpress\eSUser.exe" startslow
O4 - HKLM\..\Run: [PSGuard] D:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.1.4322] "D:\WINNT\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Dictionary - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Spelling - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Thesaurus - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Translate - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Web Search - D:\Program Files\Dictionary\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra button: Dictionary - {49CB114B-ABCD-3586-DCAB-40E243AC3737} - http://www.definition.net/ (file missing)
O9 - Extra 'Tools' menuitem: Dictionary - {49CB114B-ABCD-3586-DCAB-40E243AC3737} - http://www.definition.net/ (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinter...up/RiffLick.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.ea.com/do...ommon/ieell.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gov.pe.ca...rs/mgaxctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...ames/wtinst.cab
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - http://trials1.endea...nloads/OTAI.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {D6526FE0-E651-11CF-99CB-00C04FD64497} (Microsoft MSChat Control Object) - http://www.riffinter...p/MSChatOCX.Cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O23 - Service: Alerter - Unknown owner - D:\WINNT\Downloaded.exe (file missing)
O23 - Service: AppExpress Client - Endeavors Technology, Inc. - D:\Program Files\Endeavors\AppExpress\ece.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - D:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - D:\WINNT\runservice.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe
O23 - Service: Snake SockProxy Service (SkServer) - Unknown owner - D:\WINNT\Web\svchost.exe (file missing)

#6
Wizard
Retired Staff, 5,661 posts
OK, well done, and quite quickly I might add!

Please find out for me if the entry below is used for the Internet connection on your machine:

D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe

Let me know in the next post please!

Go to Start>>Run>>Type in Services.msc and Click OK!

Locate these Services

Snake SockProxy Service

DameWare NT Utilities 2.6


Right Click each and Select "Properties">>Click "Stop"(If Running) and change the StartUp type to Disabled!

Now look at this Service

Alerter

You may have 2, so locate the one that has this file as the "Path to Executable":

D:\WINNT\Downloaded.exe

Again, right-click and select "Stop" and change the StartUp type to Disabled!

Download Ewido Security Suite, install it, then from within the program check for updates BUT don't scan yet.
Ewido Security Suite:
http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.

From the main Ewido screen, Click on Update in the left menu, then click the Start Update button.

After the Update finishes (the status bar at the bottom will display "Update successful"), Now close the program.

If you have problems updating see here
http://www.ewido.net...wnload/updates/

AdawareSE 1.06
http://www.bleepingc...showtutorial=48

The link will tell you how to Install>Update>Configure and Scan!

CleanUp! 4.0
http://downloads.ste...p/CleanUp40.exe

Download "The Hoster" from here
http://www.funkytoad...load/hoster.zip

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to show all hidden files and folders; this must be done after restarting in Safe Mode!!

Here is a link to help with that
http://www.bleepingc...showtutorial=62

Be sure to follow the directions that apply to your Operating System!

Go to Start > Control Panel > Add or Remove Programs and remove the following:

SpySheriff
Keen Value
WildTangent
DameWare NT Utilities 2.6
PowerSearch
MWSearch Toolbar
AzeSearch
PSGuard


Locate and Delete the following if found

D:\Program Files\SpySheriff<< Folder

D:\Program Files\PSGuard<< Folder

D:\winstall.exe<< File

D:\WINNT\wt<< Folder

D:\WINNT\Downloaded.exe<< File

D:\WINNT\Desktop.html<< File

D:\WINNT\system32\winsystems.exe<< File

D:\WINNT\Web\svchost.exe<< File(That File in the Web folder only!!!)

Open the Search Assistant(Click Start>>Click Search)
Select All Files and Folders,
Select Advanced Options,
Make sure there is a check by these 3:

Search System Folders
Search hidden files and folders
Search Subfolders

Now under All Files and Folders,enter this into the text box:

mscvrt32.exe<< Delete any exact matches you find!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)

O4 - HKLM\..\Run: [Microsoft Cvrt] mscvrt32.exe

O4 - HKLM\..\Run: [wcmdmgr] D:\WINNT\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [PSGuard] D:\Program Files\PSGuard\PSGuard.exe

O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe

O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinter...up/RiffLick.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gov.pe.ca...rs/mgaxctrl.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...ames/wtinst.cab

O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - http://trials1.endea...nloads/OTAI.CAB

O16 - DPF: {D6526FE0-E651-11CF-99CB-00C04FD64497} (Microsoft MSChat Control Object) - http://www.riffinter...p/MSChatOCX.Cab

O23 - Service: Alerter - Unknown owner - D:\WINNT\Downloaded.exe (file missing)

O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - D:\WINNT\SYSTEM32\DNTUS26.EXE

O23 - Service: Snake SockProxy Service (SkServer) - Unknown owner - D:\WINNT\Web\svchost.exe (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!

Open Hoster and Press "Restore Original Hosts" and press "OK". Exit Program.

Now scan with Ewido; if it identifies anything, choose "Clean" and place a check by "Always Use this Action"!!

Once it's complete, click the Save Report button and close out Ewido!

Now scan with Ad-Aware and remove all it finds, and delete the quarantine file!

Run CleanUp!

Click "Cleanup" and it will Scan and Remove all available Temp files>Click "Close">Click "Yes" to Logoff!

Restart the PC back into Normal Mode!

RIGHT-CLICK HERE and go to Save As (in IE it's "Save Target As") in order to download the smitfraud reg to your desktop.

Double-click smitfraud.reg on your desktop. When asked if you want to merge with the registry click YES. After the merged successfully prompt, please reboot your computer.

You should be able to change your desktop back to normal now.

Now have the PC scanned here

Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates!

Install these 2 programs

SpywareBlaster:
http://www.javacools...areblaster.html
Update immediately!

IE Spyad:
http://www.bleepingc...showtutorial=53
There is a direct download inside and great tutorial also!

Please consider using this free firewall as well:
Sygate Personal Firewall:
http://smb.sygate.co...pf_standard.htm

Post back with the reports from Ewido and Panda and post a fresh HijackThis log as well!
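Added example, not code from the thread, from HijackThis or from any tool named above: a Python script that applies the triage heuristics Wizard used in posts #2 and #6 to a HijackThis 1.99-style log. It flags svchost.exe running from outside the system directory (the D:\WINNT\Web copy), a service with no publisher whose binary is missing (the "Alerter" entry), any value under the Windows 9x RunServices key on an NT-family system, a Run entry whose label names a different executable than it launches (ssgrate.exe vs winsystems.exe), an empty UserInit, and orphaned toolbars. The sample log is constructed from entries posted in this thread and the rule names are my own.

```python
"""Triage a HijackThis 1.99-style log with the heuristics used in this thread."""
import re

# Constructed sample: entries modelled on the logs posted in this thread,
# mixing the lines the helper singled out with benign ones.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
F2 - REG:system.ini: UserInit=
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Cvrt] mscvrt32.exe
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ssgrate.exe] D:\WINNT\system32\winsystems.exe
O23 - Service: Alerter - Unknown owner - D:\WINNT\Downloaded.exe (file missing)
O23 - Service: Snake SockProxy Service (SkServer) - noname. http://snake.gnuchina.org - D:\WINNT\Web\svchost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
"""

SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
SYSTEM_DIRS = ("\\winnt\\system32\\", "\\windows\\system32\\")


def executable_of(cmd):
    """First token of an autorun command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    parts = cmd.split()
    return parts[0] if parts else ""


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_service(line):
    m = SERVICE_RE.match(line)
    if not m:
        return []
    hits = []
    raw = m.group("path")
    missing = raw.endswith("(file missing)")
    path = raw.replace("(file missing)", "").strip().strip('"').lower()
    # svchost.exe only belongs in the system directory; a copy elsewhere
    # (D:\WINNT\Web\svchost.exe above) is borrowing a trusted name.
    if basename(path) == "svchost.exe" and not any(d in path for d in SYSTEM_DIRS):
        hits.append(("svchost-outside-system32", line))
    # No publisher plus a binary that no longer exists: an orphaned or
    # hijacked registration (the "Alerter" entry pointing at Downloaded.exe).
    if m.group("owner") == "Unknown owner" and missing:
        hits.append(("unknown-owner-file-missing", line))
    return hits


def check_run(line):
    m = RUN_RE.match(line)
    if not m:
        return []
    hits = []
    label, exe = m.group("label"), basename(executable_of(m.group("cmd")))
    # RunServices is a Windows 9x key; on an NT-family system (this thread is
    # Windows 2000) a value there is almost always planted.
    if m.group("key").lower() == "runservices":
        hits.append(("legacy-runservices-key", line))
    # A label that names one .exe while the value launches another
    # ([ssgrate.exe] -> winsystems.exe) hides what actually runs.
    if label.lower().endswith(".exe") and label.lower() != exe:
        hits.append(("label-executable-mismatch", line))
    return hits


def check_misc(line):
    hits = []
    # UserInit with an empty value means the logon chain has been tampered with.
    if line.startswith("F2 - REG:system.ini: UserInit=") and line.rstrip().endswith("="):
        hits.append(("userinit-empty", line))
    # A toolbar with neither a name nor a file is a leftover CLSID to clean up.
    if line.startswith("O3 - Toolbar: (no name)") and line.endswith("(no file)"):
        hits.append(("orphaned-toolbar", line))
    return hits


def triage(log_text):
    """Return (rule, line) pairs for every log line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            for check in (check_service, check_run, check_misc):
                findings.extend(check(line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

Running it against a full log only narrows the list to review; an entry that trips no rule is not thereby clean, and one that does still deserves the kind of manual check Wizard asked for.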

#7
jacque_strap
Topic Starter, 8 posts
OK.... I finally got that huge list of things done, and it was a success, my background is back to normal. Some of the items on the list that I was supposed to delete or uninstall weren't there. I don't know if that really matters, since they were supposed to be removed anyway. A family member managed to delete the two reports I was supposed to save. But I do have the Hijack Log. Also, I have about a million spyware/anti-virus programs on the computer right now. I'd like to bring it down to one virus program and one spyware program if possible. What would be your suggestion on this? I don't mind buying some programs like McAfee or something. Thanks very much for your help.


P.S. When I start Internet Explorer, the KAV virus scan pops up and is detecting a virus in the D:/WINNT... drive, but it says I do not have access to delete it. .... ?

Logfile of HijackThis v1.99.1
Scan saved at 5:32:39 PM, on 6/22/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Endeavors\AppExpress\ece.exe
D:\WINNT\System32\CTSvcCDA.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINNT\runservice.exe
D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\atiptaxx.exe
D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\EnterNet.exe
D:\WINNT\system32\desk95.exe
D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
D:\WINNT\explorer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Cameron family\Desktop\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (D:\Documents and Settings\Cameron family\Application Data\Mozilla\Profiles\default\wbc5g5qa.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (D:\Documents and Settings\Cameron family\Application Data\Mozilla\Profiles\default\wbc5g5qa.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XNetIEObj Class - {1808648B-3102-4293-8AD3-06AF71D3321B} - D:\Program Files\Endeavors\AppExpress\bho_2_5_5_17070\bho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - D:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NewsUpd] D:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AppExpress Client] "D:\Program Files\Endeavors\AppExpress\eSUser.exe" startslow
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Dictionary - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Spelling - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Thesaurus - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Translate - D:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Web Search - D:\Program Files\Dictionary\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\System32\msjava.dll
O9 - Extra button: Dictionary - {49CB114B-ABCD-3586-DCAB-40E243AC3737} - http://www.definition.net/ (file missing)
O9 - Extra 'Tools' menuitem: Dictionary - {49CB114B-ABCD-3586-DCAB-40E243AC3737} - http://www.definition.net/ (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.ea.com/do...ommon/ieell.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O23 - Service: AppExpress Client - Endeavors Technology, Inc. - D:\Program Files\Endeavors\AppExpress\ece.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - D:\WINNT\runservice.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe
  • 0
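The entries a helper looks for by eye in a HijackThis log like the one above can be checked mechanically. The following Python helper is an added example (not code from the thread, from HijackThis or from any of the tools named here): it flags "(file missing)" orphans, O4 autoruns that name a bare executable, O16 ActiveX downloads with no friendly name, and O23 services listed as "Unknown owner". The sample lines are copied from the posted log; the `Finding` class, `triage()` and the flag categories are my own.

```python
import re
import sys
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis v1.99.1 log posted
# in this thread (not the whole log). A raw string keeps the backslashes literal.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O9 - Extra button: Dictionary - {49CB114B-ABCD-3586-DCAB-40E243AC3737} - http://www.definition.net/ (file missing)
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/do...py/iesnoopy.cab
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - D:\WINNT\runservice.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why a reviewer would want to look at this entry
    line: str     # the original log line


# "O4 - ...", "R0 - ...", "N3 - ...": section code, " - ", then the entry body
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 body: "<registry key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def autorun_path(cmd: str) -> str:
    """Return the program part of an O4 command line (quoted path or first token)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    return tokens[0] if tokens else ""


def triage(log_text: str) -> list:
    """Scan HijackThis entries and return the ones a reviewer should verify."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, the running-process list, blanks
        section, body = m.group(1), m.group(2)
        if body.endswith("(file missing)"):
            findings.append(Finding(section, "orphaned entry: the registry still points at a file that is gone", line))
        elif section == "O4":
            m4 = O4_RE.match(body)
            # A bare name (no directory) is resolved through the search path at logon,
            # so the log does not show which file actually runs.
            if m4 and "\\" not in autorun_path(m4.group("cmd")):
                findings.append(Finding(section, "autorun names a bare executable; confirm its real location", line))
        elif section == "O16" and "(" not in body:
            findings.append(Finding(section, "ActiveX download with no friendly name", line))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "service binary carries no vendor information; verify the file", line))
    return findings


def counts_by_section(findings) -> dict:
    """Number of flagged entries per HijackThis section."""
    out = {}
    for f in findings:
        out[f.section] = out.get(f.section, 0) + 1
    return out


if __name__ == "__main__":
    # Usage: python hjt_triage.py [hijackthis.log]; without a file, the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A flagged entry is a prompt to check the file on disk (version information, signer, location), not a verdict; legitimate entries such as the ATI and Windows autoruns in the log above are flagged by the bare-name rule too.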

#8
Wizard

    Retired Staff

  • 5,661 posts
OK, I really needed to see the Scan Reports, especially the one from Panda!

I also need you to find out the exact name of the file Kaspersky is flagging!!

If you have to Scan again with Panda please do!!

As for the question of Spyware and Antivirus Progs!

I would Keep these if I have them and lose anything else that was in those Categories!

Ad Aware SE 1.06

Microsoft AntiSpyware

Kaspersky Antivirus until the Subscription Runs out, then I would Install AntiVir Free Antivirus Software!
http://free-av.com/

And this is the Firewall I use on 2 of the 4 Machines

Sygate Personal Firewall:
http://smb.sygate.co...pf_standard.htm

This is all just a personal opinion and what I have installed on 4 Machines in the house!

For everything else, I would say Bye Bye!

Post back with the Info I asked for and we will go from there!

Edited by Cretemonster, 22 June 2005 - 05:04 PM.

  • 0

#9
jacque_strap

    New Member

  • Topic Starter
  • Member
  • 8 posts
Here are the scan results. I think the file that KAV was flagging was this one: D:\WINNT\system32OLEADM.dll


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, June 18, 2005 7:07:51 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R50 13.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):142 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679

6-18-2005 7:02:01 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R50 13.06.2005
Internal build : 58
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 481146 Bytes
Total size : 1456012 Bytes
Signature data size : 1427935 Bytes
Reference data size : 27565 Bytes
Signatures total : 40456
CSI Fingerprints total : 904
CSI data size : 31134 Bytes
Target categories : 15
Target families : 692


6-18-2005 7:02:41 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:19 %
Total physical memory:261616 kb
Available physical memory:48212 kb
Total page file size:632668 kb
Available on page file:425748 kb
Total virtual memory:2097024 kb
Available virtual memory:2038296 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-18-2005 7:07:51 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 180
ThreadCreationTime : 6-18-2005 9:01:23 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\D:\WINNT\system32\
ProcessID : 204
ThreadCreationTime : 6-18-2005 9:01:33 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\D:\WINNT\system32\
ProcessID : 224
ThreadCreationTime : 6-18-2005 9:01:35 PM
BasePriority : High


#:4 [services.exe]
FilePath : D:\WINNT\system32\
ProcessID : 252
ThreadCreationTime : 6-18-2005 9:01:37 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : D:\WINNT\system32\
ProcessID : 264
ThreadCreationTime : 6-18-2005 9:01:37 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
FilePath : D:\WINNT\system32\
ProcessID : 456
ThreadCreationTime : 6-18-2005 9:01:41 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
FilePath : D:\WINNT\system32\
ProcessID : 480
ThreadCreationTime : 6-18-2005 9:01:42 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [ece.exe]
FilePath : D:\Program Files\Endeavors\AppExpress\
ProcessID : 512
ThreadCreationTime : 6-18-2005 9:01:42 PM
BasePriority : Normal
FileVersion : 2.5.5.17070
ProductVersion : 2.5.5.17070
ProductName : Endeavors AppExpress Client
CompanyName : Endeavors Technology, Inc.
FileDescription : Endeavors AppExpress Client
InternalName : Endeavors AppExpress Client
LegalCopyright : Copyright © 2004 Endeavors Technology, Inc.

#:9 [ctsvccda.exe]
FilePath : D:\WINNT\System32\
ProcessID : 540
ThreadCreationTime : 6-18-2005 9:01:44 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:10 [dkservice.exe]
FilePath : D:\Program Files\Executive Software\Diskeeper\
ProcessID : 560
ThreadCreationTime : 6-18-2005 9:01:44 PM
BasePriority : Normal
FileVersion : 8.0.459.0
ProductVersion : 8.0.459.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2003 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:11 [svchost.exe]
FilePath : D:\WINNT\System32\
ProcessID : 596
ThreadCreationTime : 6-18-2005 9:01:45 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:12 [runservice.exe]
FilePath : D:\WINNT\
ProcessID : 688
ThreadCreationTime : 6-18-2005 9:01:51 PM
BasePriority : Normal


#:13 [pppoeservice.exe]
FilePath : D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\
ProcessID : 732
ThreadCreationTime : 6-18-2005 9:01:52 PM
BasePriority : Normal


#:14 [regsvc.exe]
FilePath : D:\WINNT\system32\
ProcessID : 768
ThreadCreationTime : 6-18-2005 9:01:55 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:15 [mstask.exe]
FilePath : D:\WINNT\system32\
ProcessID : 772
ThreadCreationTime : 6-18-2005 9:01:55 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:16 [stisvc.exe]
FilePath : D:\WINNT\system32\
ProcessID : 812
ThreadCreationTime : 6-18-2005 9:01:55 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:17 [winmgmt.exe]
FilePath : D:\WINNT\System32\WBEM\
ProcessID : 872
ThreadCreationTime : 6-18-2005 9:01:56 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:18 [svchost.exe]
FilePath : D:\WINNT\system32\
ProcessID : 884
ThreadCreationTime : 6-18-2005 9:01:57 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:19 [explorer.exe]
FilePath : D:\WINNT\
ProcessID : 988
ThreadCreationTime : 6-18-2005 9:02:03 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:20 [atiptaxx.exe]
FilePath : D:\WINNT\system32\
ProcessID : 1112
ThreadCreationTime : 6-18-2005 9:02:13 PM
BasePriority : Normal
FileVersion : 6.13.10.2531
ProductVersion : 6.13.10.2531
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:21 [desk95.exe]
FilePath : D:\WINNT\system32\
ProcessID : 1120
ThreadCreationTime : 6-18-2005 9:02:13 PM
BasePriority : Normal
FileVersion : 2.50.00.0023
ProductVersion : 2.50.00.0023
ProductName : ATI Technologies Inc. HydraVision Desktop Manager
CompanyName : ATI Technologies Inc.
FileDescription : Desk95
InternalName : Desk95
LegalCopyright : Copyright © ATI Technologies Inc. 1985-2001
OriginalFilename : Desk95.exe

#:22 [opware32.exe]
FilePath : D:\Program Files\ScanSoft\OmniPageSE\
ProcessID : 1140
ThreadCreationTime : 6-18-2005 9:02:13 PM
BasePriority : Normal
FileVersion : 11.0
ProductVersion : 11.0
ProductName : OmniPage SE
CompanyName : ScanSoft, Inc
FileDescription : OCR Aware (32-bit)
InternalName : Opware32.exe
LegalCopyright : Copyright © 1995-2000 ScanSoft, Inc
OriginalFilename : Opware32.exe

#:23 [gcasserv.exe]
FilePath : D:\Program Files\Microsoft AntiSpyware\
ProcessID : 1152
ThreadCreationTime : 6-18-2005 9:02:14 PM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:24 [wcmdmgr.exe]
FilePath : D:\WINNT\wt\updater\
ProcessID : 1184
ThreadCreationTime : 6-18-2005 9:02:15 PM
BasePriority : Idle
FileVersion : 1.6.1.2
ProductVersion : 1.6.1.2
ProductName : WildTangent Updater Service
CompanyName : WildTangent, Inc.
FileDescription : wcmdmgr
InternalName : WildTangent Updater Service
LegalCopyright : Copyright © 1999-2002
OriginalFilename : wcmdmgr.exe

#:25 [msnmsgr.exe]
FilePath : D:\Program Files\MSN Messenger\
ProcessID : 996
ThreadCreationTime : 6-18-2005 9:02:16 PM
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:26 [olfsnt40.exe]
FilePath : D:\Program Files\Microsoft Office\Office\1033\
ProcessID : 1296
ThreadCreationTime : 6-18-2005 9:02:23 PM
BasePriority : Normal
FileVersion : 9.0.98.0105
ProductVersion : 9.0.98.0105
ProductName : Symantec Fax Starter Edition Printer Driver
CompanyName : Microsoft Corporation
FileDescription : Symantec Fax Starter Edition Port Launcher
InternalName : OLFSNT40.DLL
LegalCopyright : Copyright © Symantec Corp. 1990-1998
OriginalFilename : OLFSNT40.DLL

#:27 [gcasdtserv.exe]
FilePath : D:\Program Files\Microsoft AntiSpyware\
ProcessID : 644
ThreadCreationTime : 6-18-2005 9:02:31 PM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:28 [enternet.exe]
FilePath : D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\
ProcessID : 1176
ThreadCreationTime : 6-18-2005 9:03:30 PM
BasePriority : Normal


#:29 [iexplore.exe]
FilePath : D:\Program Files\Internet Explorer\
ProcessID : 656
ThreadCreationTime : 6-18-2005 9:03:48 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:30 [svchost.exe]
FilePath : D:\WINNT\System32\
ProcessID : 1036
ThreadCreationTime : 6-18-2005 9:17:49 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:31 [ewidoctrl.exe]
FilePath : D:\Program Files\ewido\security suite\
ProcessID : 1056
ThreadCreationTime : 6-18-2005 9:18:23 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:32 [wuauclt.exe]
FilePath : D:\WINNT\system32\
ProcessID : 1520
ThreadCreationTime : 6-18-2005 9:24:41 PM
BasePriority : Normal
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:33 [ad-aware.exe]
FilePath : D:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1060
ThreadCreationTime : 6-18-2005 10:01:07 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@0[7].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:17
Value : Cookie:cameron family@jkazaa.cjt1.net/HTM/508/0
Expires : 8-16-2005 11:09:36 PM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@tracking.thunderdownloads[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:cameron family@tracking.thunderdownloads.com/
Expires : 9-26-2037 9:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:cameron family@doubleclick.net/
Expires : 6-15-2008 12:36:54 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:101
Value : Cookie:cameron family@advertising.com/
Expires : 6-14-2010 7:49:28 PM
LastSync : Hits:101
UseCount : 0
Hits : 101

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:cameron family@atdmt.com/
Expires : 6-15-2010 9:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@apmebf[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:cameron family@apmebf.com/
Expires : 6-17-2010 6:53:28 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@specificclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@specificclick.net/
Expires : 2-26-2015 9:20:04 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:cameron family@mediaplex.com/
Expires : 6-21-2009 9:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@pro-market[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:cameron family@pro-market.net/
Expires : 5-31-2030 9:00:00 PM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:93
Value : Cookie:cameron family@server.iad.liveperson.net/
Expires : 3-30-2006 9:30:26 PM
LastSync : Hits:93
UseCount : 0
Hits : 93

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@list[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@list.ru/
Expires : 12-26-2004 9:49:44 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@tickle[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:36
Value : Cookie:cameron family@tickle.com/
Expires : 6-15-2007 9:23:46 PM
LastSync : Hits:36
UseCount : 0
Hits : 36

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@maxserving[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:28
Value : Cookie:cameron family@maxserving.com/
Expires : 5-24-2015 10:48:56 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@edge.ru4[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:cameron family@edge.ru4.com/
Expires : 6-5-2035 8:45:44 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@stat.onestat[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:cameron family@stat.onestat.com/
Expires : 5-17-2015 9:00:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:238
Value : Cookie:cameron family@tribalfusion.com/
Expires : 12-31-2037 9:00:00 PM
LastSync : Hits:238
UseCount : 0
Hits : 238

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@bfast[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:cameron family@bfast.com/
Expires : 3-2-2025 7:37:42 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:cameron family@bluestreak.com/
Expires : 6-14-2015 8:37:26 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@servedby.advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:141
Value : Cookie:cameron family@servedby.advertising.com/
Expires : 7-15-2005 9:43:52 PM
LastSync : Hits:141
UseCount : 0
Hits : 141

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:122
Value : Cookie:cameron family@casalemedia.com/
Expires : 5-31-2006 12:18:22 PM
LastSync : Hits:122
UseCount : 0
Hits : 122

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:45
Value : Cookie:cameron family@statcounter.com/
Expires : 5-12-2010 8:17:56 PM
LastSync : Hits:45
UseCount : 0
Hits : 45

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:924
Value : Cookie:cameron family@hitbox.com/
Expires : 6-15-2006 8:07:12 PM
LastSync : Hits:924
UseCount : 0
Hits : 924

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@centrport[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:cameron family@centrport.net/
Expires : 12-31-2029 9:00:00 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:cameron family@ads.pointroll.com/
Expires : 12-31-2009 9:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@targetnet[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:cameron family@targetnet.com/
Expires : 5-18-2033 12:33:20 AM
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ads.addynamix[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:99
Value : Cookie:cameron family@ads.addynamix.com/
Expires : 6-16-2005 9:41:56 PM
LastSync : Hits:99
UseCount : 0
Hits : 99

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:236
Value : Cookie:cameron family@imrworldwide.com/cgi-bin
Expires : 6-12-2015 5:06:24 PM
LastSync : Hits:236
UseCount : 0
Hits : 236

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:342
Value : Cookie:cameron family@2o7.net/
Expires : 6-14-2010 7:49:28 PM
LastSync : Hits:342
UseCount : 0
Hits : 342

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:90
Value : Cookie:cameron family@zedo.com/
Expires : 3-6-2015 5:06:06 PM
LastSync : Hits:90
UseCount : 0
Hits : 90

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-autodesk.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:52
Value : Cookie:cameron family@ehg-autodesk.hitbox.com/
Expires : 6-3-2006 6:11:02 PM
LastSync : Hits:52
UseCount : 0
Hits : 52

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@adserv.aip[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@adserv.aip.org/
Expires : 11-9-2004 9:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@valueclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:cameron family@valueclick.com/
Expires : 2-11-2030 9:32:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-dig.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:36
Value : Cookie:cameron family@ehg-dig.hitbox.com/
Expires : 3-28-2006 2:32:40 PM
LastSync : Hits:36
UseCount : 0
Hits : 36

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@0[9].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:50
Value : Cookie:cameron family@jdirect.cjt1.net/HTM/458/0
Expires : 8-21-2005 10:12:08 PM
LastSync : Hits:50
UseCount : 0
Hits : 50

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@0[5].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:cameron family@jkazaa.cjt1.net/HTM/546/0
Expires : 8-16-2005 11:09:20 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@0[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@jgen39.cjt1.net/HTM/384/0
Expires : 3-12-2006 2:32:28 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@iwon[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:cameron family@iwon.com/
Expires : 9-6-2014 8:50:08 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@276[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:cameron family@jkazaa.cjt1.net/HTM/276
Expires : 8-20-2005 7:45:16 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@adserving.autotrader[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:cameron family@adserving.autotrader.com/
Expires : 12-30-2037 1:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@z1.adserver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:96
Value : Cookie:cameron family@z1.adserver.com/
Expires : 6-8-2006 10:16:44 PM
LastSync : Hits:96
UseCount : 0
Hits : 96

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-autozone.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:216
Value : Cookie:cameron family@ehg-autozone.hitbox.com/
Expires : 6-11-2006 5:55:26 PM
LastSync : Hits:216
UseCount : 0
Hits : 216

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@0[8].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@jkazaa.cjt1.net/HTM/276/0
Expires : 8-20-2005 7:45:16 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-foxsports.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:51
Value : Cookie:cameron family@ehg-foxsports.hitbox.com/
Expires : 3-11-2006 10:11:18 PM
LastSync : Hits:51
UseCount : 0
Hits : 51

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:cameron family@serving-sys.com/
Expires : 1-1-2038 2:00:00 AM
LastSync : Hits:31
UseCount : 0
Hits : 31

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@revenue.net/
Expires : 6-10-2022 2:05:42 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:cameron family@questionmarket.com/
Expires : 7-31-2006 10:59:48 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-ubisoft.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:cameron family@ehg-ubisoft.hitbox.com/
Expires : 3-4-2006 4:07:24 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:23
Value : Cookie:cameron family@overture.com/
Expires : 5-29-2015 5:36:58 PM
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:123
Value : Cookie:cameron family@realmedia.com/
Expires : 12-31-2020 9:00:00 PM
LastSync : Hits:123
UseCount : 0
Hits : 123

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-primedia.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@ehg-primedia.hitbox.com/
Expires : 2-18-2006 9:43:34 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:cameron family@perf.overture.com/
Expires : 2-24-2009 10:22:30 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@fl01.ct2.comclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:cameron family@fl01.ct2.comclick.com/
Expires : 1-9-2029 9:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-envano.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:27
Value : Cookie:cameron family@ehg-envano.hitbox.com/
Expires : 6-15-2006 8:07:12 PM
LastSync : Hits:27
UseCount : 0
Hits : 27

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:cameron family@weborama.fr/
Expires : 10-13-2009 9:01:36 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:34
Value : Cookie:cameron family@ehg.hitbox.com/
Expires : 5-30-2006 8:22:14 PM
LastSync : Hits:34
UseCount : 0
Hits : 34

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:cameron family@bs.serving-sys.com/
Expires : 1-1-2038 2:00:00 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ads.multimania.lycos[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:cameron family@ads.multimania.lycos.fr/
Expires : 2-17-2005 8:27:46 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@twci.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:cameron family@twci.coremetrics.com/
Expires : 3-5-2020 5:34:34 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@data.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@data.coremetrics.com/
Expires : 2-26-2020 11:30:54 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@sel.as-us.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:28
Value : Cookie:cameron family@sel.as-us.falkag.net/
Expires : 7-12-2005 9:00:20 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@qksrv[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:cameron family@qksrv.net/
Expires : 6-17-2010 6:53:28 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@cs.sexcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@cs.sexcounter.com/
Expires : 5-12-2024 3:07:28 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@trafficmp[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:57
Value : Cookie:cameron family@trafficmp.com/
Expires : 3-8-2006 5:11:50 PM
LastSync : Hits:57
UseCount : 0
Hits : 57

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@web4.realtracker[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:cameron family@web4.realtracker.com/
Expires : 12-31-2006 8:00:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ads.uproar[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:cameron family@ads.uproar.com/
Expires : 10-28-2014 7:57:18 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@clickbank[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:cameron family@clickbank.net/
Expires : 12-11-2005 5:08:24 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@xxxtoolbar[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:cameron family@xxxtoolbar.com/
Expires : 6-30-2005 7:13:36 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@qsrch[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:cameron family@qsrch.com/
Expires : 2-14-2005 4:52:54 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-sonycomputer.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:cameron family@ehg-sonycomputer.hitbox.com/
Expires : 5-18-2006 6:52:48 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-yellowpages.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:55
Value : Cookie:cameron family@ehg-yellowpages.hitbox.com/
Expires : 5-8-2006 3:27:40 PM
LastSync : Hits:55
UseCount : 0
Hits : 55

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@bravenet[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:cameron family@bravenet.com/
Expires : 6-10-2015 6:54:06 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@domainsponsor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:cameron family@domainsponsor.com/
Expires : 6-12-2005 7:49:20 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@commission-junction[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@commission-junction.com/
Expires : 3-22-2010 7:40:38 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@seeq[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:cameron family@seeq.com/
Expires : 4-18-2006 8:05:44 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-bestbuy.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:cameron family@ehg-bestbuy.hitbox.com/
Expires : 5-29-2006 4:02:40 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-findlaw.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@ehg-findlaw.hitbox.com/
Expires : 3-18-2006 11:27:34 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@hc2.humanclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:cameron family@hc2.humanclick.com/
Expires : 4-1-2006 11:00:10 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-yamahamotors.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:cameron family@ehg-yamahamotors.hitbox.com/
Expires : 5-31-2006 4:47:38 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@counter.hitslink[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:cameron family@counter.hitslink.com/
Expires : 1-18-2038 2:00:00 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@statse.webtrendslive[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:cameron family@statse.webtrendslive.com/
Expires : 5-28-2015 8:25:40 PM
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@phg.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:cameron family@phg.hitbox.com/
Expires : 3-22-2006 9:37:28 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:302
Value : Cookie:cameron family@fastclick.net/
Expires : 6-15-2007 9:43:54 PM
LastSync : Hits:302
UseCount : 0
Hits : 302

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-chrysler.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:cameron family@ehg-chrysler.hitbox.com/
Expires : 4-19-2006 9:19:32 PM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@ehg-ingersollrand.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:cameron family@ehg-ingersollrand.hitbox.com/
Expires : 4-12-2006 12:14:44 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cameron family@hg1.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:cameron family@hg1.hitbox.com/
Expires : 5-13-2006 7:33:20 PM
LastSync : Hits:1
UseCount : 0
H

#10 Wizard (Retired Staff, 5,661 posts)
OK, I need you to download and run Silent Runners:
http://www.silentrun...ent Runners.zip

Unzip it and select "Extract all files".

Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious, so you are safe in allowing it to run.

It will start scanning the system; be patient, it takes a bit!

Once completed, it will produce a Notepad page. I need you to copy and paste those results into your next post!

#11 jacque_strap (Topic Starter, 8 posts)
OK, here it is:

"Silent Runners.vbs", revision 38.1, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"ATI Launchpad" = (empty string)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"NewsUpd" = "D:\Program Files\Creative\News\NewsUpd.EXE /q" [file not found]
"LoadQM" = "loadqm.exe" [MS]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."]
"HydraVisionDesktopManager" = "desk95.exe" ["ATI Technologies Inc."]
"NeroCheck" = "D:\WINNT\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Omnipage" = "D:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
"gcasServ" = ""D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"AppExpress Client" = ""D:\Program Files\Endeavors\AppExpress\eSUser.exe" startslow" ["Endeavors Technology, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1808648B-3102-4293-8AD3-06AF71D3321B}\(Default) = "XNetIEObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Endeavors\AppExpress\bho_2_5_5_17070\bho.dll" ["Endeavors Technology, Inc."]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "D:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office\1033\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{fe7634c0-f7b3-11cf-b9b4-444553540000}" = "NetFerret"
-> {CLSID}\InProcServer32\(Default) = "D:\WINNT\System32\NetFerret.dll" [null data]
"{A58686ED-FC46-44C3-95C6-4A812AB776F1}" = "NetFerret IE Toolbar"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\FerretSoft\WebFerret\FerretBand.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}" = "eLicense Control"
-> {CLSID}\InProcServer32\(Default) = "D:\WINNT\lcmmfu.cpl" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"SCRNSAVE.EXE" = "D:\WINNT\system32\ssstars.scr" [MS]


Startup items in "Cameron family" & "All Users" startup folders:
----------------------------------------------------------------

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Symantec Fax Starter Edition Port" -> shortcut to: "D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE" [MS]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (HOME-TY8LZXU1Z6-Cameron family)" -> launches: "D:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{A58686ED-FC46-44C3-95C6-4A812AB776F1}" = "WebFerret" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\FerretSoft\WebFerret\FerretBand.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{A58686ED-FC46-44C3-95C6-4A812AB776F1}" = "WebFerret" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\FerretSoft\WebFerret\FerretBand.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "D:\WINNT\System32\msjava.dll" [MS]

{49CB114B-ABCD-3586-DCAB-40E243AC3737}\
"ButtonText" = "Dictionary"
"MenuText" = "Dictionary"
"Exec" = "http://www.definition.net/" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AppExpress Client, AppExpress Client, "D:\Program Files\Endeavors\AppExpress\ece.exe" ["Endeavors Technology, Inc."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "D:\WINNT\System32\CTSvcCDA.exe" ["Creative Technology Ltd"]
Diskeeper, Diskeeper, "D:\Program Files\Executive Software\Diskeeper\DkService.exe" ["Executive Software International, Inc."]
ewido security suite control, ewido security suite control, "D:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
LicCtrl Service, LicCtrlService, "D:\WINNT\runservice.exe" [null data]
PPPoE Service, PPPoEService, "D:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe" [null data]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
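The report above is what the helper reads by eye. As an added example (not part of the thread, and not the Silent Runners script's own code), the Python below pulls out the entries a reviewer checks first: modules the script could not read version information from ("[null data]"), autostart entries whose file is gone ("[file not found]"), and the script's "INFECTION WARNING!" ShellExecuteHook lines, which it resolves against the publisher tag on the "->" line that follows. The sample is a handful of lines copied from this report; the function names and the reason strings are mine. Note that "[null data]" only means the file has no version resource, which is common for small third-party services (the LicCtrl and PPPoE services here) as well as for malware, so it is a prompt to hash and scan the file, not a verdict.

```python
"""Pick out the Silent Runners entries a reviewer checks first (added example,
not part of the thread and not the Silent Runners script itself). Sample
lines are copied from the report above."""
import re

SAMPLE = """\
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
"NewsUpd" = "D:\\Program Files\\Creative\\News\\NewsUpd.EXE /q" [file not found]
"AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."]
"gcasServ" = ""D:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe"" [MS]

HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks\\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\\InProcServer32\\(Default) = "D:\\Program Files\\Microsoft AntiSpyware\\shellextension.dll" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
LicCtrl Service, LicCtrlService, "D:\\WINNT\\runservice.exe" [null data]
PPPoE Service, PPPoEService, "D:\\PROGRA~1\\ALIANT~1\\HIGH-S~1\\app\\pppoeservice.exe" [null data]
Diskeeper, Diskeeper, "D:\\Program Files\\Executive Software\\Diskeeper\\DkService.exe" ["Executive Software International, Inc."]
"""

# Silent Runners ends each module line with a bracketed tag: the company name
# from the file's version resource, [MS] for Microsoft, [null data] when the
# file has no version resource, or [file not found].
TAG = re.compile(r'\[(null data|file not found|MS|"[^"]*")\]\s*$')


def triage(report):
    """Return (section, line, reason) for each entry worth a second look."""
    findings, section = [], "?"
    lines = report.splitlines()
    for i, line in enumerate(lines):
        if line.startswith(("HKLM\\", "HKCU\\", "Running Services")):
            section = line.split(" {++}")[0].split(" (")[0]
            continue
        if line.startswith("INFECTION WARNING!"):
            # the script flags every ShellExecuteHook; the "->" line that
            # follows names the module and its publisher, which decides it
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            m = TAG.search(nxt)
            pub = m.group(1) if m else "unknown"
            findings.append((section, line, f"hook flagged; module publisher: {pub}"))
            continue
        m = TAG.search(line)
        if m and m.group(1) == "null data":
            findings.append((section, line,
                             "no version resource; hash and scan the file"))
        elif m and m.group(1) == "file not found":
            findings.append((section, line,
                             "points at a missing file; stale entry or removed payload"))
    return findings
```

Run against the full report, this gives four findings for the sample: the orphaned NewsUpd Run entry, the Microsoft AntiSpyware hook (publisher tag [MS]), and the two services without version resources.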

#12 Wizard (Retired Staff, 5,661 posts)
OK, all that looks OK. Let's see about finding this file and scanning it along with one other!

Locate these 2 files:

D:\WINNT\System32\OLEADM.dll
and
D:\WINNT\System32\wininet.dll

Have both of them scanned at these 2 sites please:

http://virusscan.jotti.org/
and
http://www.virustota...h/index_en.html

Copy everything in the code box below and paste it into Notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.

dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt


Double-click wininet.bat; when it is ready it will open files.txt.
Copy the content of files.txt and paste it here.

Post the results of all those scans back here please!

#13 jacque_strap (Topic Starter, 8 posts)
Here are the scan reports:

File: oleadm.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 1d788915c3f4d9943c27c8e90baf1ed9
Packers detected: UPX
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/Agent.EO-tr
Kaspersky Anti-Virus Found Trojan.Win32.Agent.eo
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found nothing


This is a report processed by VirusTotal on 06/25/2005 at 03:45:50 (CET) after scanning the file "oleadm.dll" file.
Antivirus Version Update Result
AntiVir 6.31.0.7 06.24.2005 no virus found
Avira 6.31.0.7 06.24.2005 no virus found
BitDefender 7.0 06.25.2005 no virus found
ClamAV devel-20050501 06.25.2005 no virus found
DrWeb 4.32b 06.24.2005 no virus found
eTrust-Iris 7.1.194.0 06.24.2005 no virus found
eTrust-Vet 11.9.1.0 06.24.2005 no virus found
Fortinet 2.36.0.0 06.25.2005 W32/Agent.EO-tr
Ikarus 2.32 06.24.2005 no virus found
Kaspersky 4.0.2.24 06.25.2005 Trojan.Win32.Agent.eo
McAfee 4521 06.24.2005 Spy-Agent.h
NOD32v2 1.1153 06.24.2005 no virus found
Norman 5.70.10 06.23.2005 no virus found
Panda 8.02.00 06.24.2005 no virus found
Sybari 7.5.1314 06.25.2005 Spy-Agent.h
Symantec 8.0 06.24.2005 no virus found
TheHacker 5.8.2.059 06.25.2005 no virus found
VBA32 3.10.4 06.24.2005 no virus found


File: wininet.dll
Status: INFECTED/MALWARE
MD5 818758dfc6524da96d47c7aa4168bd0d
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.DownLoader.2636
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Virus.Win32.Nsag.a
NOD32 Found Win32/Oleloa.A
Norman Virus Control Found nothing
VBA32 Found Virus.Win32.Nsag.a


This is a report processed by VirusTotal on 06/25/2005 at 03:49:11 (CET) after scanning the file "wininet.dll" file.
Antivirus Version Update Result
AntiVir 6.31.0.7 06.24.2005 no virus found
Avira 6.31.0.7 06.24.2005 no virus found
BitDefender 7.0 06.25.2005 no virus found
ClamAV devel-20050501 06.25.2005 no virus found
DrWeb 4.32b 06.24.2005 Trojan.DownLoader.2636
eTrust-Iris 7.1.194.0 06.24.2005 no virus found
eTrust-Vet 11.9.1.0 06.24.2005 Win32.Alemod.B
Fortinet 2.36.0.0 06.25.2005 suspicious
Ikarus 2.32 06.24.2005 no virus found
Kaspersky 4.0.2.24 06.25.2005 Virus.Win32.Nsag.a
McAfee 4521 06.24.2005 no virus found
NOD32v2 1.1153 06.24.2005 Win32/Oleloa.A
Norman 5.70.10 06.23.2005 no virus found
Panda 8.02.00 06.24.2005 W32/Smitfraud.B
Sybari 7.5.1314 06.25.2005 Win32.Alemod.B
Symantec 8.0 06.24.2005 W32.Desktophijack
TheHacker 5.8.2.059 06.25.2005 W32/Nsag.A
VBA32 3.10.4 06.24.2005 Virus.Win32.Nsag.a

... and the wininet.bat thing...

Volume in drive D is family
Volume Serial Number is D440-8D6B

Directory of D:\WINNT\$NtUninstallKB834707-IE6SP1-20040929.091901$

02/06/2004 07:05p 588,288 wininet.dll
1 File(s) 588,288 bytes

Directory of D:\WINNT\ServicePackFiles\i386

06/19/2003 04:05p 466,704 wininet.dll
1 File(s) 466,704 bytes

Directory of D:\WINNT\system32

08/23/2004 08:32p 589,312 wininet.dll
1 File(s) 589,312 bytes

Directory of D:\WINNT\system32\dllcache

08/23/2004 08:32p 589,312 WININET.DLL
1 File(s) 589,312 bytes
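A way to do the two checks requested in the previous post programmatically, as an added example that is not part of the thread: parse the `dir /s` listing above to see how the live wininet.dll compares with the dllcache and ServicePackFiles copies, and parse the Jotti-style scanner list into a detection count. The sample text is copied from this post (the scanner list is a subset); the function names and the default `live_dir` path are mine. The security-relevant point is Windows File Protection: it restores a protected file from system32\dllcache, so when the live copy and the dllcache copy are the same, `sfc /scannow` puts back the same bytes. Size and timestamp are only a first screen; comparing the MD5 that Jotti printed for the live file against a hash of the dllcache copy is what settles whether they are identical.

```python
"""Triage helpers for the two reports in the post above (added example, not
from the thread): the `dir /s` listing of every wininet.dll copy, and the
Jotti-style scanner result list. Sample text is copied from the post."""
import re

DIR_LISTING = """\
 Directory of D:\\WINNT\\$NtUninstallKB834707-IE6SP1-20040929.091901$
02/06/2004  07:05p             588,288 wininet.dll
               1 File(s)        588,288 bytes
 Directory of D:\\WINNT\\ServicePackFiles\\i386
06/19/2003  04:05p             466,704 wininet.dll
               1 File(s)        466,704 bytes
 Directory of D:\\WINNT\\system32
08/23/2004  08:32p             589,312 wininet.dll
               1 File(s)        589,312 bytes
 Directory of D:\\WINNT\\system32\\dllcache
08/23/2004  08:32p             589,312 WININET.DLL
               1 File(s)        589,312 bytes
"""

JOTTI_REPORT = """\
AntiVir Found nothing
Avast Found nothing
Dr.Web Found Trojan.DownLoader.2636
F-Prot Antivirus Found nothing
Kaspersky Anti-Virus Found Virus.Win32.Nsag.a
NOD32 Found Win32/Oleloa.A
Norman Virus Control Found nothing
VBA32 Found Virus.Win32.Nsag.a
"""

DIR_HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
DIR_ENTRY = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{1,2}:\d{2}[ap])\s+([\d,]+)\s+(\S.*?)\s*$")
SCAN_LINE = re.compile(r"^(.+?)\s+Found\s+(.+?)\s*$")


def parse_dir_listing(text):
    """One dict per file entry in a cmd.exe `dir /s` listing."""
    copies, current = [], None
    for line in text.splitlines():
        m = DIR_HEADER.match(line)
        if m:
            current = m.group(1)
            continue
        m = DIR_ENTRY.match(line)
        if m and current:
            date, time, size, name = m.groups()
            copies.append({"dir": current, "date": date, "time": time,
                           "size": int(size.replace(",", "")),
                           "name": name.lower()})
    return copies


def assess_copies(copies, live_dir=r"D:\WINNT\system32"):
    """Compare the live DLL with its dllcache and ServicePackFiles copies.
    WFP restores from dllcache, so identical live/dllcache copies mean
    sfc cannot help. Size+timestamp is a screen only; hashes decide."""
    by_dir = {c["dir"].lower(): c for c in copies}
    live = by_dir.get(live_dir.lower())
    cache = by_dir.get(live_dir.lower() + r"\dllcache")
    sp = next((c for c in copies if "servicepackfiles" in c["dir"].lower()), None)

    def same(a, b):
        key = lambda c: (c["size"], c["date"], c["time"])
        return bool(a and b) and key(a) == key(b)

    if live is None:
        note = "no live copy found"
    elif same(live, cache):
        note = ("live and dllcache copies match; WFP would restore the same bytes, "
                "so take a clean copy from ServicePackFiles, the install CD or the hotfix")
    elif cache:
        note = "live copy differs from dllcache; sfc /scannow would replace it"
    else:
        note = "no dllcache copy; restore from ServicePackFiles or the install CD"
    return {"copies": len(copies), "live_matches_dllcache": same(live, cache),
            "live_matches_servicepack": same(live, sp), "note": note}


def parse_jotti(text):
    """{scanner: detection name or None} from a Jotti-style result list."""
    results = {}
    for line in text.splitlines():
        m = SCAN_LINE.match(line)
        if m:
            scanner, verdict = m.groups()
            results[scanner] = None if verdict.lower() == "nothing" else verdict
    return results


def summarize(results):
    """Detection count and the distinct names the engines gave the file."""
    hits = {k: v for k, v in results.items() if v}
    return {"engines": len(results), "detections": len(hits),
            "names": sorted(set(hits.values()))}
```

On this listing the live copy and the dllcache copy share size and timestamp, while the ServicePackFiles copy is the older file that service pack setup left behind, so the note points away from sfc. One caveat if that copy is used: the $NtUninstallKB834707 folder shows an IE cumulative update has replaced wininet.dll since the service pack, so restoring the ServicePackFiles version rolls those fixes back and the update has to be reapplied afterwards.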

#14 Wizard (Retired Staff, 5,661 posts)
OK, these 2 files I need to see for sure!

Locate

D:\WINNT\System32\OLEADM.dll
and
D:\WINNT\System32\wininet.dll

Create a folder and place them in it, then right-click the folder, select "Send To" and then "Compressed (zipped) Folder".

Email that zipped folder here: filesubmit@charter.net

Let me know when they are sent!

#15 jacque_strap (Topic Starter, 8 posts)
I have sent the two files to the given email address.