EVIL WinFixwer 2005 popups (and others) on a brand new system


  • This topic is locked

#1
trent_f

    New Member

  • Member
  • 4 posts
Hi. Just purchased a new CPU and I already seem to have infected it with some nasty spyware. I ran the usual (Ad-Aware, Norton, Microsoft's BETA anti-spyware), and though these programs did pick up some parts of the EVIL program(s), the popups are still happening periodically.

I know other people have posted about similar problems, but I'm really out of my comfort zone and would be really grateful if someone could have a look at my HijackThis log and help me out.

Thanks a lot!!!


Logfile of HijackThis v1.99.1
Scan saved at 10:46:41 PM, on 25/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Microsoft AntiSpyware\gcasSWUpdater.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\kcdhe220.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Thanks again!

#2
Danny

    Visiting Staff

  • Member
  • 684 posts
Hi,

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Danny :tazz:

#3
trent_f

    New Member

  • Topic Starter
  • Member
  • 4 posts
Hi Danny,

Thanks for the help.

I installed SpySweeper on the 26th after reading some other posts, and have since done three sweeps, so I've posted all three logs...

The pop-ups went with the first sweep, and today's sweep showed no traces, but the computer still seems a bit sluggish... does this program get rid of all traces? I still seem to be having some sort of problems (doesn't shut down properly and freezes occasionally), but I think these may have something to do with Norton blocking things...

Anyway, here are the logs...

********
12:04 PM: | Start of Session, Sunday, 30 October 2005 |
12:04 PM: Spy Sweeper started
12:04 PM: Sweep initiated using definitions version 564
12:04 PM: Starting Memory Sweep
12:07 PM: Memory Sweep Complete, Elapsed Time: 00:03:11
12:07 PM: Starting Registry Sweep
12:08 PM: Registry Sweep Complete, Elapsed Time:00:00:26
12:08 PM: Starting Cookie Sweep
12:08 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:08 PM: Starting File Sweep
12:15 PM: File Sweep Complete, Elapsed Time: 00:06:56
12:15 PM: Full Sweep has completed. Elapsed time 00:10:44
12:15 PM: Traces Found: 0
********
4:55 PM: | Start of Session, Friday, 28 October 2005 |
4:55 PM: Spy Sweeper started
4:55 PM: Sweep initiated using definitions version 562
4:55 PM: Starting Memory Sweep
4:59 PM: Memory Sweep Complete, Elapsed Time: 00:03:24
4:59 PM: Starting Registry Sweep
4:59 PM: Found Adware: coolwebsearch (cws)
4:59 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || quicktime task (ID = 112405)
4:59 PM: Registry Sweep Complete, Elapsed Time:00:00:31
4:59 PM: Starting Cookie Sweep
4:59 PM: Found Spy Cookie: belnk cookie
4:59 PM: hp_owner@belnk[1].txt (ID = 2292)
4:59 PM: hp_owner@dist.belnk[2].txt (ID = 2293)
4:59 PM: Found Spy Cookie: gamespy cookie
4:59 PM: hp_owner@gamespy[1].txt (ID = 2719)
4:59 PM: Found Spy Cookie: directtrack cookie
4:59 PM: hp_owner@sideshow.directtrack[2].txt (ID = 2528)
4:59 PM: Found Spy Cookie: statcounter cookie
4:59 PM: hp_owner@statcounter[1].txt (ID = 3447)
4:59 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:59 PM: Starting File Sweep
5:13 PM: File Sweep Complete, Elapsed Time: 00:13:35
5:13 PM: Full Sweep has completed. Elapsed time 00:17:41
5:13 PM: Traces Found: 6
5:16 PM: Removal process initiated
5:17 PM: Quarantining All Traces: coolwebsearch (cws)
5:17 PM: Quarantining All Traces: belnk cookie
5:17 PM: Quarantining All Traces: directtrack cookie
5:17 PM: Quarantining All Traces: gamespy cookie
5:17 PM: Quarantining All Traces: statcounter cookie
5:17 PM: Removal process completed. Elapsed time 00:00:45
8:53 PM: Processing Startup Alerts
8:53 PM: Allowed Startup entry: wextract_cleanup0
6:34 PM: Your spyware definitions have been updated.
11:25 AM: Processing Internet Explorer Favorites Alerts
11:25 AM: Allowed IE Favorite: EVIL WinFixwer 2005 popups (and others) on a brand new system - Geeks to Go Forums
11:33 AM: Updating spyware definitions
11:33 AM: Your definitions are up to date.
11:34 AM: | End of Session, Sunday, 30 October 2005 |
********
6:30 PM: | Start of Session, Wednesday, 26 October 2005 |
6:30 PM: Spy Sweeper started
6:30 PM: Sweep initiated using definitions version 561
6:30 PM: Starting Memory Sweep
6:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:31 PM: Found Adware: look2me
6:31 PM: Detected running threat: C:\WINDOWS\system32\kcdhe220.dll (ID = 163672)
6:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:33 PM: Detected running threat: C:\WINDOWS\system32\mkvci70.dll (ID = 163672)
6:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:34 PM: Memory Sweep Complete, Elapsed Time: 00:03:43
6:34 PM: Starting Registry Sweep
6:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:35 PM: Found Adware: sp2ms
6:35 PM: HKLM\software\microsoft\windows\currentversion\run\ || msresearch (ID = 754357)
6:35 PM: Registry Sweep Complete, Elapsed Time:00:00:24
6:35 PM: Starting Cookie Sweep
6:35 PM: Found Spy Cookie: 2o7.net cookie
6:35 PM: hp_owner@112.2o7[1].txt (ID = 1958)
6:35 PM: Found Spy Cookie: atwola cookie
6:35 PM: hp_owner@atwola[1].txt (ID = 2255)
6:35 PM: Found Spy Cookie: belnk cookie
6:35 PM: hp_owner@belnk[1].txt (ID = 2292)
6:35 PM: hp_owner@cnn.122.2o7[2].txt (ID = 1958)
6:35 PM: hp_owner@dist.belnk[2].txt (ID = 2293)
6:35 PM: hp_owner@gettyimages.122.2o7[1].txt (ID = 1958)
6:35 PM: hp_owner@microsofteup.112.2o7[2].txt (ID = 1958)
6:35 PM: Found Spy Cookie: paypopup cookie
6:35 PM: hp_owner@paypopup[2].txt (ID = 3119)
6:35 PM: hp_owner@popunder.paypopup[1].txt (ID = 3120)
6:35 PM: Found Spy Cookie: directtrack cookie
6:35 PM: hp_owner@sideshow.directtrack[1].txt (ID = 2528)
6:35 PM: Found Spy Cookie: myaffiliateprogram.com cookie
6:35 PM: hp_owner@www.myaffiliateprogram[2].txt (ID = 3032)
6:35 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:35 PM: Starting File Sweep
6:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:35 PM: icont.exe (ID = 65722)
6:35 PM: appwrap[1].exe (ID = 65739)
6:35 PM: appwrap[1].exe (ID = 65722)
6:35 PM: bw2.com (ID = 65721)
6:36 PM: Found Adware: surf accuracy
6:36 PM: uninstall.exe (ID = 180136)
6:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:37 PM: Found Adware: isearch desktop search
6:37 PM: mte3ndi6odoxng[1].exe (ID = 178687)
6:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:37 PM: uninstaller.prod.24oct2005.exe[1].67ed8085ef4da0dd46732bc56aa91a66 (ID = 180136)
6:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:38 PM: Found Adware: effective-i toolbar
6:38 PM: ucmoreiex[1].exe (ID = 59853)
6:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM: Found Adware: isearch toolbar
6:39 PM: cmdinst.exe (ID = 154747)
6:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:40 PM: gp2sl3f71.dll (ID = 163672)
6:41 PM: Found Adware: ist yoursitebar
6:41 PM: yoursitebar[1].xml (ID = 131226)
6:41 PM: Found Adware: powerscan
6:41 PM: power_remove[1].exe (ID = 72675)
6:41 PM: ysbinstall_1003585[1].exe (ID = 166206)
6:41 PM: ysb[1].dll (ID = 161559)
6:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:41 PM: sacc[1].cfg (ID = 162775)
6:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:43 PM: mkvci70.dll (ID = 163672)
6:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:43 PM: appwrap[1].exe (ID = 65721)
6:44 PM: kcdhe220.dll (ID = 163672)
6:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:47 PM: File Sweep Complete, Elapsed Time: 00:12:14
6:47 PM: Full Sweep has completed. Elapsed time 00:16:33
6:47 PM: Traces Found: 32
6:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:53 PM: Removal process initiated
6:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:54 PM: Quarantining All Traces: effective-i toolbar
6:54 PM: Quarantining All Traces: isearch desktop search
6:54 PM: Quarantining All Traces: isearch toolbar
6:54 PM: Quarantining All Traces: ist yoursitebar
6:54 PM: Quarantining All Traces: powerscan
6:54 PM: Quarantining All Traces: sp2ms
6:54 PM: Quarantining All Traces: surf accuracy
6:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:54 PM: Quarantining All Traces: 2o7.net cookie
6:54 PM: Quarantining All Traces: atwola cookie
6:54 PM: Quarantining All Traces: belnk cookie
6:54 PM: Quarantining All Traces: directtrack cookie
6:54 PM: Quarantining All Traces: myaffiliateprogram.com cookie
6:54 PM: Quarantining All Traces: paypopup cookie
6:54 PM: Quarantining All Traces: look2me
6:54 PM: look2me is in use. It will be removed on reboot.
6:55 PM: Warning: Launched explorer.exe
6:55 PM: Warning: Quarantine process could not restart Explorer.
6:55 PM: Preparing to restart your computer. Please wait...
6:55 PM: Removal process completed. Elapsed time 00:01:42
8:06 PM: Deletion from quarantine initiated
8:06 PM: Processing: 2o7.net cookie
8:06 PM: Processing: atwola cookie
8:06 PM: Processing: belnk cookie
8:06 PM: Processing: directtrack cookie
8:06 PM: Processing: effective-i toolbar
8:06 PM: Processing: isearch desktop search
8:06 PM: Processing: isearch toolbar
8:06 PM: Processing: ist yoursitebar
8:06 PM: Processing: look2me
8:06 PM: Processing: myaffiliateprogram.com cookie
8:06 PM: Processing: paypopup cookie
8:06 PM: Processing: powerscan
8:06 PM: Processing: sp2ms
8:06 PM: Processing: surf accuracy
8:06 PM: Deletion from quarantine completed. Elapsed time 00:00:00
8:06 PM: Processing Internet Explorer Favorites Alerts
8:06 PM: Allowed IE Favorite: Bored of Studies
8:07 PM: Processing Internet Explorer Favorites Alerts
8:07 PM: Allowed IE Favorite: Board of Studies NSW
6:30 PM: Your spyware definitions have been updated.
********
6:10 PM: | Start of Session, Wednesday, 26 October 2005 |
6:10 PM: Spy Sweeper started
6:29 PM: Your spyware definitions have been updated.
6:30 PM: ActiveX Shield: found: Adware: look2me, version 1.0.0.0 -- Installation denied
6:30 PM: | End of Session, Wednesday, 26 October 2005 |


Thanks for your help

-Trent

#4
Danny

    Visiting Staff

  • Member
  • 684 posts
Hi,

I am very sorry for the late reply.

Can you post a new HijackThis log if you still need any help?

Danny :tazz:

#5
trent_f

    New Member

  • Topic Starter
  • Member
  • 4 posts
Hi Danny,

I think I'm alright now...

Rang HP and they told me I had too many programs operating behind the scenes which were slowing the machine right down... I stopped them from opening at startup and now everything seems to be working OK.

Thanks anyway!

-Trent





