Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Winfixer


  • Please log in to reply

#1
Frantt

Frantt

    Member

  • Member
  • PipPip
  • 30 posts
Here is my Hijack this log I wanna know how to get rid of Winfixer pop ups their getting annoying I just reformatted my computer so i dont undrstand why im getting ther popups Please help :tazz: Thank-You

-----------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:06:35 AM, on 10/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\sstqo.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.c...GamesPlugin.cab
O16 - DPF: {4B280838-680A-486E-A99F-F97D73F82D42} (egames.AxRTPC) - http://dreamville.e-...ient/AxRTPC.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {D41CE0FC-D720-413E-A9A6-82EC4CDAE742} (Session Class) - https://segalink.jp/...SJSessionAX.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.bravetree...ownloadCtrl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...598/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B78EF7CB-8301-4B18-8930-92CC9CB8F219}: NameServer = 206.47.244.59 206.47.244.105
O18 - Protocol: msnim - 0 - (no file)
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\SYSTEM32\jkhfc.dll
O20 - Winlogon Notify: sstqo - C:\WINDOWS\System32\sstqo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-----------------------------------------------------------------------------------------------------------------------------

:)
  • 0

Advertisements


#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi Frantt and Welcome to GeekstoGo!


Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\System32\sstqo.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\System32\oqtss.*
    This will be the vundo filename spelt backwards. for example if the vundo dll was vundo.dll you would have the user enter odnuv.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\jkhfc.dll

    O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\sstqo.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O18 - Protocol: msnim - 0 - (no file)

    O20 - Winlogon Notify: jkhfc - C:\WINDOWS\SYSTEM32\jkhfc.dll

    O20 - Winlogon Notify: sstqo - C:\WINDOWS\System32\sstqo.dll
  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#3
Frantt

Frantt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
well heres a problem Im gtrying to go to safe mode(done it before) BUT when its supposed to g o to menu to select safe mode it clicks and returns and botos up in normal mode how can ifix that?
  • 0

#4
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
We can fix this stubborn bug another way since it appears Explorer.exe is trashed!


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0

#5
Frantt

Frantt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
********
10:50 PM: | Start of Session, Sunday, October 30, 2005 |
10:50 PM: Spy Sweeper started
10:50 PM: Sweep initiated using definitions version 564
10:50 PM: Starting Memory Sweep
10:50 PM: Found Adware: virtumonde
10:50 PM: Detected running threat: C:\WINDOWS\system32\sstqo.dll (ID = 77)
10:51 PM: Memory Sweep Complete, Elapsed Time: 00:01:26
10:51 PM: Starting Registry Sweep
10:51 PM: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
10:51 PM: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
10:51 PM: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
10:51 PM: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
10:51 PM: Found Trojan Horse: trojan-downloader-conhook
10:51 PM: HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833627)
10:51 PM: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833628)
10:51 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (ID = 833629)
10:52 PM: Registry Sweep Complete, Elapsed Time:00:00:09
10:52 PM: Starting Cookie Sweep
10:52 PM: Found Spy Cookie: 2o7.net cookie
10:52 PM: cree@2o7[2].txt (ID = 1957)
10:52 PM: Found Spy Cookie: atlas dmt cookie
10:52 PM: cree@atdmt[1].txt (ID = 2253)
10:52 PM: cree@gateway.122.2o7[1].txt (ID = 1958)
10:52 PM: Found Spy Cookie: marketplaces cookie
10:52 PM: cree@marketplaces[2].txt (ID = 2947)
10:52 PM: Found Spy Cookie: overture cookie
10:52 PM: cree@perf.overture[1].txt (ID = 3106)
10:52 PM: Found Spy Cookie: reliablestats cookie
10:52 PM: cree@stats1.reliablestats[1].txt (ID = 3254)
10:52 PM: Found Spy Cookie: epilot cookie
10:52 PM: cree@vaclick.epilot[2].txt (ID = 2622)
10:52 PM: jennifer williams@2o7[2].txt (ID = 1957)
10:52 PM: Found Spy Cookie: yieldmanager cookie
10:52 PM: jennifer williams@ad.yieldmanager[2].txt (ID = 3751)
10:52 PM: Found Spy Cookie: adrevolver cookie
10:52 PM: jennifer williams@adrevolver[1].txt (ID = 2088)
10:52 PM: jennifer williams@adrevolver[2].txt (ID = 2088)
10:52 PM: Found Spy Cookie: advertising cookie
10:52 PM: jennifer williams@advertising[1].txt (ID = 2175)
10:52 PM: jennifer williams@atdmt[2].txt (ID = 2253)
10:52 PM: Found Spy Cookie: atwola cookie
10:52 PM: jennifer williams@atwola[1].txt (ID = 2255)
10:52 PM: Found Spy Cookie: banner cookie
10:52 PM: jennifer williams@banner[2].txt (ID = 2276)
10:52 PM: Found Spy Cookie: zedo cookie
10:52 PM: jennifer williams@c5.zedo[1].txt (ID = 3763)
10:52 PM: Found Spy Cookie: fastclick cookie
10:52 PM: jennifer williams@fastclick[2].txt (ID = 2651)
10:52 PM: jennifer williams@perf.overture[1].txt (ID = 3106)
10:52 PM: Found Spy Cookie: realmedia cookie
10:52 PM: jennifer williams@realmedia[1].txt (ID = 3235)
10:52 PM: Found Spy Cookie: servedby advertising cookie
10:52 PM: jennifer williams@servedby.advertising[2].txt (ID = 3335)
10:52 PM: Found Spy Cookie: server.iad.liveperson cookie
10:52 PM: jennifer williams@server.iad.liveperson[2].txt (ID = 3341)
10:52 PM: jennifer williams@stats1.reliablestats[2].txt (ID = 3254)
10:52 PM: Found Spy Cookie: trafficmp cookie
10:52 PM: jennifer williams@trafficmp[2].txt (ID = 3581)
10:52 PM: Found Spy Cookie: tribalfusion cookie
10:52 PM: jennifer williams@tribalfusion[1].txt (ID = 3589)
10:52 PM: jennifer williams@zedo[1].txt (ID = 3762)
10:52 PM: mary toussaint@2o7[2].txt (ID = 1957)
10:52 PM: Found Spy Cookie: about cookie
10:52 PM: mary toussaint@about[1].txt (ID = 2037)
10:52 PM: mary toussaint@ad.yieldmanager[1].txt (ID = 3751)
10:52 PM: Found Spy Cookie: adknowledge cookie
10:52 PM: mary toussaint@adknowledge[2].txt (ID = 2072)
10:52 PM: Found Spy Cookie: specificclick.com cookie
10:52 PM: mary toussaint@adopt.specificclick[2].txt (ID = 3400)
10:52 PM: mary toussaint@adrevolver[1].txt (ID = 2088)
10:52 PM: mary toussaint@adrevolver[3].txt (ID = 2088)
10:52 PM: Found Spy Cookie: pointroll cookie
10:52 PM: mary toussaint@ads.pointroll[2].txt (ID = 3148)
10:52 PM: mary toussaint@advertising[1].txt (ID = 2175)
10:52 PM: mary toussaint@atdmt[2].txt (ID = 2253)
10:52 PM: Found Spy Cookie: azjmp cookie
10:52 PM: mary toussaint@azjmp[2].txt (ID = 2270)
10:52 PM: mary toussaint@banner[2].txt (ID = 2276)
10:52 PM: Found Spy Cookie: belnk cookie
10:52 PM: mary toussaint@belnk[1].txt (ID = 2292)
10:52 PM: Found Spy Cookie: bluestreak cookie
10:52 PM: mary toussaint@bluestreak[1].txt (ID = 2314)
10:52 PM: Found Spy Cookie: centrport net cookie
10:52 PM: mary toussaint@centrport[1].txt (ID = 2374)
10:52 PM: Found Spy Cookie: coolsavings cookie
10:52 PM: mary toussaint@coolsavings[1].txt (ID = 2465)
10:52 PM: Found Spy Cookie: hitslink cookie
10:52 PM: mary toussaint@counter2.hitslink[2].txt (ID = 2790)
10:52 PM: Found Spy Cookie: coremetrics cookie
10:52 PM: mary toussaint@data.coremetrics[1].txt (ID = 2472)
10:52 PM: mary toussaint@dist.belnk[2].txt (ID = 2293)
10:52 PM: Found Spy Cookie: adbureau cookie
10:52 PM: mary toussaint@etype.adbureau[1].txt (ID = 2060)
10:52 PM: mary toussaint@fastclick[2].txt (ID = 2651)
10:52 PM: Found Spy Cookie: metareward.com cookie
10:52 PM: mary toussaint@metareward[1].txt (ID = 2990)
10:52 PM: mary toussaint@perf.overture[1].txt (ID = 3106)
10:52 PM: Found Spy Cookie: questionmarket cookie
10:52 PM: mary toussaint@questionmarket[1].txt (ID = 3217)
10:52 PM: mary toussaint@realmedia[1].txt (ID = 3235)
10:52 PM: mary toussaint@servedby.advertising[2].txt (ID = 3335)
10:52 PM: mary toussaint@server.iad.liveperson[1].txt (ID = 3341)
10:52 PM: mary toussaint@stats1.reliablestats[1].txt (ID = 3254)
10:52 PM: Found Spy Cookie: webtrendslive cookie
10:52 PM: mary toussaint@statse.webtrendslive[2].txt (ID = 3667)
10:52 PM: mary toussaint@trafficmp[2].txt (ID = 3581)
10:52 PM: mary toussaint@tribalfusion[1].txt (ID = 3589)
10:52 PM: Found Spy Cookie: adserver cookie
10:52 PM: mary toussaint@z1.adserver[1].txt (ID = 2142)
10:52 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
10:52 PM: Starting File Sweep
11:02 PM: Found System Monitor: golden eye
11:02 PM: unins000.exe (ID = 181198)
11:11 PM: File Sweep Complete, Elapsed Time: 00:19:13
11:11 PM: Traces Found: 89
11:12 PM: Removal process initiated
11:13 PM: Quarantining All Traces: potentially rootkit-masked files
11:13 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
11:13 PM: Quarantining All Traces: golden eye
11:13 PM: Quarantining All Traces: trojan-downloader-conhook
11:13 PM: Quarantining All Traces: virtumonde
11:14 PM: virtumonde is in use. It will be removed on reboot.
11:14 PM: C:\WINDOWS\system32\sstqo.dll is in use. It will be removed on reboot.
11:14 PM: Quarantining All Traces: 2o7.net cookie
11:14 PM: Quarantining All Traces: about cookie
11:14 PM: Quarantining All Traces: adbureau cookie
11:14 PM: Quarantining All Traces: adknowledge cookie
11:14 PM: Quarantining All Traces: adrevolver cookie
11:14 PM: Quarantining All Traces: adserver cookie
11:14 PM: Quarantining All Traces: advertising cookie
11:14 PM: Quarantining All Traces: atlas dmt cookie
11:14 PM: Quarantining All Traces: atwola cookie
11:14 PM: Quarantining All Traces: azjmp cookie
11:14 PM: Quarantining All Traces: banner cookie
11:14 PM: Quarantining All Traces: belnk cookie
11:14 PM: Quarantining All Traces: bluestreak cookie
11:14 PM: Quarantining All Traces: centrport net cookie
11:14 PM: Quarantining All Traces: coolsavings cookie
11:14 PM: Quarantining All Traces: coremetrics cookie
11:14 PM: Quarantining All Traces: epilot cookie
11:14 PM: Quarantining All Traces: fastclick cookie
11:14 PM: Quarantining All Traces: hitslink cookie
11:14 PM: Quarantining All Traces: marketplaces cookie
11:14 PM: Quarantining All Traces: metareward.com cookie
11:14 PM: Quarantining All Traces: overture cookie
11:14 PM: Quarantining All Traces: pointroll cookie
11:14 PM: Quarantining All Traces: questionmarket cookie
11:14 PM: Quarantining All Traces: realmedia cookie
11:14 PM: Quarantining All Traces: reliablestats cookie
11:14 PM: Quarantining All Traces: servedby advertising cookie
11:14 PM: Quarantining All Traces: server.iad.liveperson cookie
11:14 PM: Quarantining All Traces: specificclick.com cookie
11:14 PM: Quarantining All Traces: trafficmp cookie
11:14 PM: Quarantining All Traces: tribalfusion cookie
11:14 PM: Quarantining All Traces: webtrendslive cookie
11:14 PM: Quarantining All Traces: yieldmanager cookie
11:14 PM: Quarantining All Traces: zedo cookie
11:14 PM: Warning: Launched explorer.exe
11:14 PM: Warning: Quarantine process could not restart Explorer.
11:15 PM: Preparing to restart your computer. Please wait...
11:15 PM: Removal process completed. Elapsed time 00:02:03
********
10:49 PM: | Start of Session, Sunday, October 30, 2005 |
10:49 PM: Spy Sweeper started
10:49 PM: Sweep initiated using definitions version 564
10:49 PM: Starting Memory Sweep
10:49 PM: Sweep Canceled
10:49 PM: Memory Sweep Complete, Elapsed Time: 00:00:04
10:49 PM: Traces Found: 0
10:50 PM: | End of Session, Sunday, October 30, 2005 |
********
10:48 PM: | Start of Session, Sunday, October 30, 2005 |
10:48 PM: Spy Sweeper started
10:48 PM: Messenger service has been disabled.
10:49 PM: Your spyware definitions have been updated.
10:49 PM: | End of Session, Sunday, October 30, 2005 |
  • 0

#6
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Looks like SpySweeper did a good job.

Lets be sure nothing is leftover.


Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!


Post back with a fresh HijackThis log and the results of the WinPFind scan.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP