OK, the computer is definitely a little faster on startup/shutdown, and also better when opening and closing programs, but still a lot of memory is being used up. Also, I want to add that when I reboot and the Windows startup screen comes up, where you click which user, well, that is gone and has been gone since before we started, but I forgot to tell you that. It just says Welcome. Maybe that is why I am having problems with administrator. I did all except the Kaspersky scanner. It would not load; the error message is:
Failed to load Kaspersky online scanner ActiveX control!
You must have administrative rights on this computer; you must
also have Internet Explorer security settings set to medium!
I am the administrator and the IE settings are medium. Is it possible a virus took over and made itself administrator? I have posted my PC-cillin logs below:
"Virus Scan","2006/01/03","MAINHOME"
"Time","Event","Source Type","Virus Name","File Name","First Action","Second Action"
"07:54","Manual Scan","File","TROJ_EXITWIN.F","C:\Documents and Settings\Mom.MAINHOME\Local Settings\Temp\rsysinit.exe","Quarantine Success",""
"Virus Scan","2005/12/28","MAINHOME"
"Time","Event","Source Type","Virus Name","File Name","First Action","Second Action"
"16:30","Real-time Protection","File","ADW_DCTOOLBAR.A","C:\WINDOWS\TIMESSQUARE.EXE","Deny Access",""
"16:31","Real-time Protection","File","ADW_DCTOOLBAR.A","C:\WINDOWS\TIMESSQUARE.EXE","Deny Access",""
"17:41","Real-time Protection","File","ADW_DCTOOLBAR.A","C:\windows\timessquare.exe","Deny Access",""
"18:55","Manual Scan","File","HTML_ALPHX.C","C:\Documents and Settings\Lauren.MAINHOME\Local Settings\Temporary Internet Files\Content.IE5\BZ9RFPOW\iav[1].hta","Quarantine Success",""
"18:55","Manual Scan","File","HTML_ALPHX.C","C:\Documents and Settings\Lauren.MAINHOME\Local Settings\Temporary Internet Files\Content.IE5\BZ9RFPOW\iav[2].hta","Quarantine Success",""
"18:55","Manual Scan","File","HTML_ALPHX.C","C:\Documents and Settings\Lauren.MAINHOME\Local Settings\Temporary Internet Files\Content.IE5\BZ9RFPOW\iav[3].hta","Quarantine Success",""
"19:15","Manual Scan","File","TROJ_DLOADER.ATW","C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\05YN0X63\MTE3NDI6ODoxNg[1].exe","Quarantine Success",""
"19:15","Manual Scan","File","TROJ_CLICKER.FC","C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CXYFCHUN\adtech2006a[1].exe","Quarantine Success",""
"19:15","Manual Scan","File","TROJ_DRSMARTL.A","C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODQFGTU7\drsmartload[1].exe","Quarantine Success",""
"19:15","Manual Scan","File","TROJ_TSUPDATE.G","C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODQFGTU7\stub_113_4_0_4_0[1].exe","Quarantine Success",""
"19:21","Manual Scan","File","JAVA_CLOADER.E","A.class (C:\Documents and Settings\Mom.MAINHOME\.jpi_cache\jar\1.0\ar.jar-24cf9bc4-12893560.zip)","Quarantine Fail",""
"19:21","Manual Scan","File","---","C:\Documents and Settings\Mom.MAINHOME\.jpi_cache\jar\1.0\ar.jar-24cf9bc4-12893560.zip","Quarantine Success",""
"19:21","Manual Scan","File","JAVA_BYTEVER.A","Colors.class (C:\Documents and Settings\Mom.MAINHOME\.jpi_cache\jar\1.0\archive.jar-18c96186-17a10aea.zip)","Quarantine Fail",""
"19:21","Manual Scan","File","---","C:\Documents and Settings\Mom.MAINHOME\.jpi_cache\jar\1.0\archive.jar-18c96186-17a10aea.zip","Quarantine Success",""
"19:54","Manual Scan","File","TROJ_DRSMARTL.A","C:\drsmartload1.exe","Quarantine Success",""
"19:56","Manual Scan","File","TROJ_DLOADER.ATW","C:\MTE3NDI6ODoxNg.exe","Quarantine Success",""
"20:34","Manual Scan","File","TROJ_TSUPDATE.G","C:\stub_113_4_0_4_0.exe","Quarantine Success",""
"23:05","Real-time Protection","File","ADW_DCTOOLBAR.A","C:\WINDOWS\timessquare.exe","Deny Access",""
"Virus Scan","2005/12/29","MAINHOME"
"Time","Event","Source Type","Virus Name","File Name","First Action","Second Action"
"03:26","Real-time Protection","File","ADW_DCTOOLBAR.A","C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\05YN0X63\timessquare[1].exe","Deny Access",""
"03:26","Real-time Protection","File","ADW_DCTOOLBAR.A","C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\05YN0X63\TIMESS~1.EXE","Deny Access",""
"07:38","Real-time Protection","File","ADW_DCTOOLBAR.A","C:\WINDOWS\timessquare.exe","Deny Access",""
"07:38","Real-time Protection","File","ADW_DCTOOLBAR.A","C:\WINDOWS\TIMESS~1.EXE","Deny Access",""
"07:39","Real-time Protection","File","ADW_ZQUEST.A","C:\WINDOWS\z00096.exe","Deny Access",""
"08:14","Real-time Protection","File","ADW_ZQUEST.A","C:\WINDOWS\DH.dll","Deny Access",""
"08:16","Real-time Protection","File","ADW_ZQUEST.A","C:\WINDOWS\DH.dll","Deny Access",""
"08:26","Real-time Protection","File","ADW_ZQUEST.A","C:\WINDOWS\Z00096.EXE","Deny Access",""
"08:27","Real-time Protection","File","ADW_ZQUEST.A","C:\WINDOWS\DH.dll","Deny Access",""
"08:29","Real-time Protection","File","ADW_ZQUEST.A","C:\WINDOWS\DH.dll","Deny Access",""
"08:47","Real-time Protection","File","ADW_ZQUEST.A","C:\WINDOWS\DH.DLL","Deny Access",""
"11:04","Real-time Protection","File","ADW_ZQUEST.A","C:\WINDOWS\DH.dll","Deny Access",""
"11:04","Real-time Protection","File","ADW_ZQUEST.A","C:\WINDOWS\DH.dll","Deny Access",""
Here are my Spy Sweeper logs:
*******
1:19 PM: | Start of Session, Thursday, January 05, 2006 |
1:19 PM: Spy Sweeper started
1:19 PM: Sweep initiated using definitions version 595
1:19 PM: Starting Memory Sweep
1:27 PM: Memory Sweep Complete, Elapsed Time: 00:07:52
1:27 PM: Starting Registry Sweep
1:28 PM: Registry Sweep Complete, Elapsed Time:00:00:56
1:28 PM: Starting Cookie Sweep
1:28 PM: Found Spy Cookie: specificclick.com cookie
1:28 PM: [email protected][1].txt (ID = 3400)
1:28 PM: Found Spy Cookie: apmebf cookie
1:28 PM: mom@apmebf[2].txt (ID = 2229)
1:28 PM: Found Spy Cookie: ic-live cookie
1:28 PM: mom@ic-live[1].txt (ID = 2821)
1:28 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
1:28 PM: Starting File Sweep
2:55 PM: File Sweep Complete, Elapsed Time: 01:26:30
2:55 PM: Full Sweep has completed. Elapsed time 01:35:36
2:55 PM: Traces Found: 3
5:22 PM: Removal process initiated
5:22 PM: Quarantining All Traces: apmebf cookie
5:22 PM: Quarantining All Traces: ic-live cookie
5:22 PM: Quarantining All Traces: specificclick.com cookie
5:22 PM: Removal process completed. Elapsed time 00:00:49
6:36 PM: Download has been canceled at your request.
6:37 PM: Deletion from quarantine initiated
6:37 PM: Processing: 66.246.209 cookie
6:37 PM: Processing: about cookie
6:37 PM: Processing: adserver cookie
6:37 PM: Processing: apmebf cookie
6:37 PM: Processing: ask cookie
6:37 PM: Processing: atwola cookie
6:37 PM: Processing: bravenet cookie
6:37 PM: Processing: centrport net cookie
6:37 PM: Processing: dollarrevenue
6:37 PM: Processing: falkag cookie
6:37 PM: Processing: ic-live cookie
6:37 PM: Processing: monstermarketplace cookie
6:37 PM: Processing: nextag cookie
6:37 PM: Processing: partypoker cookie
6:37 PM: Processing: reliablestats cookie
6:37 PM: Processing: specificclick.com cookie
6:37 PM: Processing: statcounter cookie
6:37 PM: Processing: surfsidekick
6:37 PM: Processing: toplist cookie
6:37 PM: Processing: tribalfusion cookie
6:37 PM: Processing: winantiviruspro cookie
6:37 PM: Deletion from quarantine completed. Elapsed time 00:00:01
********
12:21 PM: | Start of Session, Wednesday, January 04, 2006 |
12:21 PM: Spy Sweeper started
12:21 PM: Sweep initiated using definitions version 595
12:21 PM: Starting Memory Sweep
12:29 PM: Memory Sweep Complete, Elapsed Time: 00:07:49
12:29 PM: Starting Registry Sweep
12:30 PM: Registry Sweep Complete, Elapsed Time:00:01:37
12:30 PM: Starting Cookie Sweep
12:30 PM: Found Spy Cookie: 2o7.net cookie
12:30 PM: mom@2o7[1].txt (ID = 1957)
12:30 PM: Found Spy Cookie: 66.246.209 cookie
12:30 PM: [email protected][1].txt (ID = 1997)
12:30 PM: Found Spy Cookie: about cookie
12:30 PM: mom@about[2].txt (ID = 2037)
12:30 PM: Found Spy Cookie: specificclick.com cookie
12:30 PM: [email protected][2].txt (ID = 3400)
12:30 PM: Found Spy Cookie: apmebf cookie
12:30 PM: mom@apmebf[1].txt (ID = 2229)
12:30 PM: Found Spy Cookie: falkag cookie
12:30 PM: [email protected][2].txt (ID = 2650)
12:30 PM: Found Spy Cookie: ask cookie
12:30 PM: mom@ask[1].txt (ID = 2245)
12:30 PM: Found Spy Cookie: atwola cookie
12:30 PM: mom@atwola[1].txt (ID = 2255)
12:30 PM: Found Spy Cookie: bravenet cookie
12:30 PM: mom@bravenet[1].txt (ID = 2322)
12:30 PM: Found Spy Cookie: centrport net cookie
12:30 PM: mom@centrport[1].txt (ID = 2374)
12:30 PM: [email protected][1].txt (ID = 2038)
12:30 PM: Found Spy Cookie: ic-live cookie
12:30 PM: mom@ic-live[1].txt (ID = 2821)
12:30 PM: Found Spy Cookie: monstermarketplace cookie
12:30 PM: mom@monstermarketplace[1].txt (ID = 3006)
12:30 PM: Found Spy Cookie: nextag cookie
12:30 PM: mom@nextag[1].txt (ID = 5014)
12:30 PM: Found Spy Cookie: partypoker cookie
12:30 PM: mom@partypoker[2].txt (ID = 3111)
12:30 PM: Found Spy Cookie: statcounter cookie
12:30 PM: mom@statcounter[1].txt (ID = 3447)
12:30 PM: Found Spy Cookie: reliablestats cookie
12:30 PM: [email protected][1].txt (ID = 3254)
12:30 PM: Found Spy Cookie: toplist cookie
12:30 PM: mom@toplist[1].txt (ID = 3557)
12:30 PM: Found Spy Cookie: tribalfusion cookie
12:30 PM: mom@tribalfusion[2].txt (ID = 3589)
12:30 PM: Found Spy Cookie: winantiviruspro cookie
12:30 PM: [email protected][2].txt (ID = 3690)
12:30 PM: Found Spy Cookie: adserver cookie
12:30 PM: [email protected][1].txt (ID = 2142)
12:30 PM: Found Spy Cookie: zedo cookie
12:30 PM: mom@zedo[1].txt (ID = 3762)
12:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:06
12:30 PM: Starting File Sweep
12:33 PM: Found Adware: surfsidekick
12:33 PM: ss1001.exe (ID = 216718)
1:59 PM: Found Adware: dollarrevenue
1:59 PM: dra.exe (ID = 216564)
2:13 PM: File Sweep Complete, Elapsed Time: 01:43:03
2:14 PM: Full Sweep has completed. Elapsed time 01:39:56
2:14 PM: Traces Found: 24
2:41 PM: Removal process initiated
2:41 PM: Quarantining All Traces: surfsidekick
2:41 PM: Quarantining All Traces: dollarrevenue
2:41 PM: Quarantining All Traces: 2o7.net cookie
2:41 PM: Quarantining All Traces: 66.246.209 cookie
2:41 PM: Quarantining All Traces: about cookie
2:41 PM: Quarantining All Traces: adserver cookie
2:41 PM: Quarantining All Traces: apmebf cookie
2:41 PM: Quarantining All Traces: ask cookie
2:41 PM: Quarantining All Traces: atwola cookie
2:41 PM: Quarantining All Traces: bravenet cookie
2:41 PM: Quarantining All Traces: centrport net cookie
2:41 PM: Quarantining All Traces: falkag cookie
2:41 PM: Quarantining All Traces: ic-live cookie
2:41 PM: Quarantining All Traces: monstermarketplace cookie
2:41 PM: Quarantining All Traces: nextag cookie
2:41 PM: Quarantining All Traces: partypoker cookie
2:41 PM: Quarantining All Traces: reliablestats cookie
2:41 PM: Quarantining All Traces: specificclick.com cookie
2:41 PM: Quarantining All Traces: statcounter cookie
2:41 PM: Quarantining All Traces: toplist cookie
2:41 PM: Quarantining All Traces: tribalfusion cookie
2:41 PM: Quarantining All Traces: winantiviruspro cookie
2:41 PM: Quarantining All Traces: zedo cookie
2:42 PM: Removal process completed. Elapsed time 00:00:47
2:44 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
2:44 PM: IE Tracking Cookies Shield: Removed zedo cookie
3:06 PM: IE Tracking Cookies Shield: Removed centrport net cookie
3:18 PM: IE Tracking Cookies Shield: Removed reliablestats cookie
3:18 PM: IE Tracking Cookies Shield: Removed toplist cookie
3:20 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
3:21 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
3:21 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
3:23 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
5:09 PM: Warning: Failed to get log from SSI driver. Insufficient system resources exist to complete the requested service
5:18 PM: IE Tracking Cookies Shield: Removed overture cookie
5:18 PM: IE Tracking Cookies Shield: Removed overture cookie
7:05 PM: Warning: Failed to get log from SSI driver. Insufficient system resources exist to complete the requested service
10:21 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
11:29 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
11:29 PM: IE Tracking Cookies Shield: Removed adserver cookie
11:30 PM: IE Tracking Cookies Shield: Removed adserver cookie
11:31 PM: IE Tracking Cookies Shield: Removed zedo cookie
12:10 AM: IE Tracking Cookies Shield: Removed tribalfusion cookie
12:10 AM: IE Tracking Cookies Shield: Removed tribalfusion cookie
12:10 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:13 AM: IE Tracking Cookies Shield: Removed tribalfusion cookie
12:13 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:13 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:13 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:16 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:16 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:19 AM: IE Tracking Cookies Shield: Removed tribalfusion cookie
12:19 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:19 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:19 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:19 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:19 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:23 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:23 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:23 AM: IE Tracking Cookies Shield: Removed tribalfusion cookie
12:26 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:26 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:26 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:28 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:28 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:35 AM: IE Tracking Cookies Shield: Removed tribalfusion cookie
12:35 AM: IE Tracking Cookies Shield: Removed adserver cookie
12:38 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:38 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:39 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:40 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:41 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:44 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:44 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:45 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:46 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:46 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:47 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:47 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:50 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:50 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:50 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:51 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:53 AM: Warning: Failed to get log from SSI driver. Insufficient system resources exist to complete the requested service
12:59 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
1:18 AM: IE Tracking Cookies Shield: Removed reliablestats cookie
1:18 AM: IE Tracking Cookies Shield: Removed reliablestats cookie
1:39 AM: IE Tracking Cookies Shield: Removed reliablestats cookie
1:50 AM: IE Tracking Cookies Shield: Removed centrport net cookie
1:56 AM: Warning: Failed to check file "C:\DOCUME~1\MOM~1.MAI\LOCALS~1\TEMP\SET57.TMP". Stream read error
********
12:08 PM: | Start of Session, Wednesday, January 04, 2006 |
12:08 PM: Spy Sweeper started
12:20 PM: Updating spyware definitions
12:20 PM: Your definitions are up to date.
12:20 PM: Updating spyware definitions
12:20 PM: Your definitions are up to date.
12:21 PM: Updating spyware definitions
12:21 PM: Your definitions are up to date.
12:21 PM: | End of Session, Wednesday, January 04, 2006 |
And finally an ewido anti-malware log:
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 2:33:34 PM, 1/7/2006
+ Report-Checksum: CE54D400
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKU\S-1-5-21-1844237615-1677128483-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\mom@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\mom@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\mom@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\mom@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\mom@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\mom@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\mom@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][2].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Mom.MAINHOME\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yazzle Sudoku\Sudoku.exe -> Dropper.VB.kk : Cleaned with backup
::Report End
My latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 6:45:48 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MemoryBoost\MemoryBoost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1127796192\ee\AOLSoftware.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\HijackHJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://joemac.net/Su...CameraPage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safehavenpc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://joemac.net/Su...CameraPage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\System32\BhoCitUS.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MemoryBoost] "C:\Program Files\MemoryBoost\MemoryBoost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127796192\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite\kpp.exe" "C:\Program Files\Kazaa Lite\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.safehavenpc.com
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: symsupportutil - https://www-secure.s...supportutil.CAB
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {04B6182D-FB75-11D4-90D2-0000B4948C7C} (cre8tiv 3Di ATL Control (Internet)) - http://www.quick-ste...cre8tiv3dix.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://64.143.186.13...Q/bin/WebIQ.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www1.pcpitsto...virus/PCPAV.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://www.lifescan...tdms/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://12.149.234.19...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://64.154.241.30/wg_webeye.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://216.157.26.3/svideo3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.co...aploader_v7.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?315
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Your time is greatly appreciated.
Dawn
Edited by Dlsnj, 07 January 2006 - 06:58 PM.