zestyfind removal help [RESOLVED]



#1
efro

Hi, I know very little about computers, but it seems someone has sent me a virus over an online messenger. I have tried numerous programs, including Norton and Adaware to try to remove this bug, and tried to go through the Symantec log to rename the virus and remove it, but that wouldn't work. I created a HiJackThis log, was hoping you could help me out. Please try to keep in mind how little I know about computers with whatever help you may have to offer. Thanks in advance, here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 7:06:01 AM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\adtech2006.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\UltimateBuddy\UltimateBuddy.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Eric\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPokerBeta\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPokerBeta\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\gpnol3531.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


#2
Kat

Hello and welcome to GeeksToGo. I apologize for the delay in someone getting to you. :) My name is Kat, and I will be helping you get your computer fixed back up and on the go.

Let's start with a basic free scan, shall we?

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Download Now button to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Please also post me a fresh HijackThis log, along with the SpySweeper log. :)

#3
efro

Thanks for the reply. I did as you said, and here are the requested logs:

Spy Sweeper Session Log:
********
2:39 AM: | Start of Session, Wednesday, December 07, 2005 |
2:39 AM: Spy Sweeper started
2:39 AM: Sweep initiated using definitions version 579
2:39 AM: Starting Memory Sweep
2:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:40 AM: Found Adware: icannnews
2:40 AM: Detected running threat: C:\WINDOWS\system32\j8j6li1s18.dll (ID = 83)
2:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:54 AM: Memory Sweep Complete, Elapsed Time: 00:14:39
2:54 AM: Starting Registry Sweep
2:54 AM: Found Adware: findthewebsiteyouneed hijacker
2:54 AM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
2:54 AM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
2:54 AM: Registry Sweep Complete, Elapsed Time:00:00:38
2:54 AM: Starting Cookie Sweep
2:54 AM: Found Spy Cookie: atwola cookie
2:54 AM: eric@ar.atwola[2].txt (ID = 2256)
2:54 AM: eric@atwola[2].txt (ID = 2255)
2:54 AM: Found Spy Cookie: cassava cookie
2:54 AM: eric@cassava[1].txt (ID = 2362)
2:54 AM: Found Spy Cookie: partypoker cookie
2:54 AM: eric@partypoker[1].txt (ID = 3111)
2:54 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
2:54 AM: Starting File Sweep
2:55 AM: Found Adware: look2me
2:55 AM: appwrap[1].exe (ID = 65739)
2:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:57 AM: ktjml7111.dll (ID = 159)
2:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:58 AM: appwrap[1].exe (ID = 65722)
2:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
2:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
2:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:01 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:01 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:01 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:01 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:01 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:01 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:01 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:01 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:06 AM: Found Adware: targetsaver
3:06 AM: tsupdate2[1].ini (ID = 193498)
3:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:07 AM: icont.exe (ID = 65722)
3:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:11 AM: rwmuc.dll (ID = 195129)
3:11 AM: vocabulary (ID = 78283)
3:11 AM: class-barrel (ID = 78229)
3:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:12 AM: j8j6li1s18.dll (ID = 159)
3:21 AM: File Sweep Complete, Elapsed Time: 00:26:26
3:21 AM: Full Sweep has completed. Elapsed time 00:41:48
3:21 AM: Traces Found: 16
3:25 AM: Removal process initiated
3:27 AM: Quarantining All Traces: icannnews
3:27 AM: icannnews is in use. It will be removed on reboot.
3:27 AM: C:\WINDOWS\system32\j8j6li1s18.dll is in use. It will be removed on reboot.
3:27 AM: Quarantining All Traces: look2me
3:27 AM: look2me is in use. It will be removed on reboot.
3:27 AM: ktjml7111.dll is in use. It will be removed on reboot.
3:27 AM: j8j6li1s18.dll is in use. It will be removed on reboot.
3:27 AM: Quarantining All Traces: findthewebsiteyouneed hijacker
3:27 AM: Quarantining All Traces: targetsaver
3:27 AM: Quarantining All Traces: atwola cookie
3:27 AM: Quarantining All Traces: cassava cookie
3:27 AM: Quarantining All Traces: partypoker cookie
3:28 AM: Removal process completed. Elapsed time 00:03:17
********
2:37 AM: | Start of Session, Wednesday, December 07, 2005 |
2:37 AM: Spy Sweeper started
2:37 AM: Your spyware definitions have been updated.
2:39 AM: | End of Session, Wednesday, December 07, 2005 |


Hijack This Log Report:

Logfile of HijackThis v1.99.1
Scan saved at 3:30:27 AM, on 12/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Eric\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPokerBeta\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPokerBeta\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\j8j6li1s18.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


Thanks

#4
efro

    New Member

  • Topic Starter
  • Member
  • 8 posts
Anything I can do to get rid of this?

#5
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
First of all, can you please reboot the computer, and then post a new HijackThis log? Some of the things that SpySweeper quarantined will not be fully removed until you reboot, according to the log. Once you do that, I will go through the log and give you manual removal instructions for what's left.

#6
efro

    New Member

  • Topic Starter
  • Member
  • 8 posts
Just restarted, here's the freshest log:

Logfile of HijackThis v1.99.1
Scan saved at 12:04:22 AM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Eric\Desktop\HijackThis.exe
C:\Program Files\mIRC\mirc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPokerBeta\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPokerBeta\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ktjml7111.dll (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#7
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Please re-open HijackThis, and scan for a new log. Place a check next to ONLY the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ktjml7111.dll (file missing)


Make sure all other windows, programs and browsers are closed, then click the "Fix Selected" button.

Reboot the computer.

I would like to see an uninstall log please. To get this:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.


Make a reply here, with a copy of this uninstall list. Also give me a fresh HijackThis log, and let me know how things are running now. :tazz:

#8
efro

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I did as you said and included the requested logs. I'll let you know how the system is running and whether I encounter any more problems. Thanks for your help - will keep you posted

uninstall.txt:

Absolute Poker
Ace Media Player
Ad Muncher
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
ALPS Touch Pad Driver
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOLIcon
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
Bodog Poker Version 1.9.12.0
Broadcom Management Programs 2
CC_ccProxyExt
ccCommon
ccPxyCore
CleanUp!
Conexant D110 MDC V.9x Modem
Dell Picture Studio v3.0
Dell Support 3.1
Digital Content Portal
Digital Line Detect
EarthLink setup files
EducateU
ESPNMotion
EurobetPoker (remove only)
ewido security suite
ffdshow
Full Tilt Poker
GamesGrid Poker
GemMaster Mystic
Get High Speed Internet!
HijackThis 1.99.1
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
InterPoker
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LimeWire 4.9.35
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
Magic Online
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1 (SR1)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
mIRC
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (1.0.7)
mPfMgr
mPfWiz
mProSafe
MSRedist
mSSO
mToolkit
Musicmatch® Jukebox
mWlsSafe
mXML
MyWay Search Assistant
mZConfig
NetWaiting
NetZeroInstallers
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
Otto
Pacific Poker
Paradise Poker
PartyPoker
PartyPokerBeta
Poker Academy Pro 2 Demo
Poker Tracker Version 2.08.02
Poker World
PokerStars
PowerDVD 5.5
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Sonic DLA
Sonic Encoders
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC
Spy Sweeper
Symantec Script Blocking Installer
SymNet
Trillian
TruePoker
TruePoker (High Res)
UltimateBet
UltimateBuddy
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
VideoLAN VLC media player 0.8.2
Viewpoint Media Player
VX2 Cleaner plug-in for Ad-Aware SE
WebCyberCoach 3.2 Dell
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
WinRAR archiver
WinZip
WordPerfect Office 12
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Toolbar



hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:05:08 AM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Eric\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Program Files\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPokerBeta\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPokerBeta\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#9
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
:) Those logs are clean. :tazz: Let me know if you're still having any trouble. :)
  • 0
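The before/after check that the fix in posts #7 to #9 amounts to, as an added Python example that is not part of the thread or of HijackThis: it parses entry lines, then confirms that every entry selected for fixing is gone from the follow-up log and that nothing else changed. The function names and the excerpted sample logs are assumptions made for the illustration.

```python
import re

# HijackThis 1.99.1 entry lines have the shape "<code> - <details>".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, details) for each entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def _key(entry):
    # Registry names and Windows paths are case-insensitive: compare case-folded,
    # with runs of whitespace collapsed so copy/paste damage does not hide a match.
    code, details = entry
    return code, " ".join(details.split()).casefold()


def missing_file_entries(entries):
    """Entries HijackThis tagged '(file missing)': the reference outlived the file."""
    return [e for e in entries if e[1].casefold().endswith("(file missing)")]


def verify_fix(before_text, after_text, fix_text):
    """Check a post-fix log against the pre-fix log and the entries selected for fixing."""
    before = {_key(e): e for e in parse_entries(before_text)}
    after = {_key(e): e for e in parse_entries(after_text)}
    fix = {_key(e): e for e in parse_entries(fix_text)}
    return {
        "still_present": [e for k, e in fix.items() if k in after],
        "not_in_before": [e for k, e in fix.items() if k not in before],
        "removed_unrequested": [e for k, e in before.items()
                                if k not in after and k not in fix],
        "new_after_fix": [e for k, e in after.items() if k not in before],
    }


# Constructed excerpts: a few entry lines copied from the fix list and logs in this
# thread, not the complete logs.
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ktjml7111.dll (file missing)
"""

STILL_WANTED = r"""
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

BEFORE_LOG = FIX_LIST + STILL_WANTED   # pre-fix excerpt
AFTER_LOG = STILL_WANTED               # post-fix excerpt

if __name__ == "__main__":
    for check, hits in verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(f"{check}: {len(hits)}")
        for code, details in hits:
            print(f"  {code} - {details}")
```

Four empty lists mean the follow-up log differs from the first one only by the entries that were meant to go; a non-empty `still_present` is the case where a removed entry has come back after the reboot.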

#10
efro

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
No popups or any signs of problems through the first half hour, which I take as a very good sign no matter what since they used to occur every minute. I appreciate the help, will update tomorrow with whatever problems I may encounter or to report no problems still existing. Thanks again!

#11
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Congratulations! Your log is now clean! :tazz:

Here are some items that you will want to add to your to-do list:

These are some tips to reduce the potential for Spyware/Adware/Virus infection in the future:
I would strongly recommend reviewing and installing the following applications if you don't currently have them running on your system:

Use Anti-Virus Software
It is very important that your computer has Anti-Virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online and stand-alone Anti-Virus programs:
Virus, Spyware, and Malware Protection and Removal Resources

Update your AntiVirus Software
It is imperative that you update your Anti-Virus software at least once a week (Even more if you wish). If you do not update your Anti-Virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Spyware/Adware Detection and Removal Programs:
Understanding Spyware, Browser Hijackers, and Dialers
  • Ad-Aware SE -- If you suspect that you have spyware installed on your computer, here are instructions on how to set up and use Ad-Aware SE:
    How to use Ad-Aware SE to remove Spyware
  • Spybot S&D -- If you suspect that you have spyware installed on your computer, here are instructions on how to set up and use Spybot S&D:
    How to use Spybot to remove Spyware
I strongly recommend using both of these programs to catch most spyware/adware.

Prevention Programs:
  • SpywareBlaster -- SpywareBlaster will prevent spyware from being installed.
  • SpywareGuard -- SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad -- IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts File -- The MVPS Hosts File replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar -- Get the free Google Toolbar to help stop pop up windows.

Other Necessary Programs:
  • A More Secure Browser
    Internet Explorer is not the most secure and best browser.
    There are safer and better alternatives available. I recommend using Firefox.

Be sure to also keep up with Windows and IE updates.

Windows Security and Critical Updates
http://v4.windowsupdate.microsoft.com/en/default.asp

Internet Explorer Security and Critical Updates
http://www.microsoft.com/windows/ie/default.asp

And also see TonyKlein's good advice
So how did I get infected in the first place?

Update all these Programs Regularly:
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.


#12
efro

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
No signs of any of the problems I've had before still, gonna hope that nothing comes back. Thanks for everything.

#13
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.