Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

LadyZ510

34 Posts

1913

April 9th, 2006 18:00

new Sun Java program is installed-hopefully

I have installed the new version of Sun Java and I have uninstalled the old (1.4.2_03) version. I am posting my HJT log. I am assuming when you say post an updated/revised HJT log, that it automatically update/revises itself. I just opened the HJT log and copied it.
 
LadyZ510
 
Logfile of HijackThis v1.99.1
Scan saved at 9:23:51 AM, on 4/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\HJT\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3112.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: lirnsble - lirnsble.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
 

ALgal

1.2K Posts

April 9th, 2006 20:00

Hello Lady,

Please do the following:

Microsoft Antispyware has been updated and renamed Microsoft Windows Defender. Uninstall Microsoft Antispyware. You can download the new version from http://www.microsoft.com/athome/security/spyware/software/default.mspx

Update Your Java
Update your Java to the latest version.
  • Uninstall any and all versions you have listed in add/remove programs
  • Install the latest version from here: http://www.java.com/en/




STEP 1.
======
SpySweeper

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless you are instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.


STEP 2.
======
Ewido Trojan Scanner
Please download, install, and update the NEW free version of Ewido trojan scanner:

  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.


Empty Recycle Bin
Reboot

Please post the results from SpySweeper, ewido and a new hijackthis log.

LadyZ510

34 Posts

April 10th, 2006 01:00

Algal,

I keep getting a message that says that my message cannot exceed 20,000 characters. It is going on 1100 pm and I need to get ready for work, so I will continue trying to this tomorrow.

 

LadyZ

LadyZ510

34 Posts

April 10th, 2006 01:00

Hmmm . . . I am not sure what to do here. Should I just break the logs into sections like that and send them to you? Or is there an easier way to do this?

LadyZ510

34 Posts

April 10th, 2006 01:00

Hi Algal, I am trying to send the logs to you, but it keeps telling me that I have an invalid html message.

LadyZ510

34 Posts

April 10th, 2006 01:00

********
8:09 PM: |       Start of Session, Sunday, April 09, 2006       |
8:09 PM: Spy Sweeper started
8:09 PM: Sweep initiated using definitions version 652
8:09 PM: Starting Memory Sweep
8:13 PM: Memory Sweep Complete, Elapsed Time: 00:04:10
8:13 PM: Starting Registry Sweep
8:13 PM:   Found Adware: navexcel navhelper
8:13 PM:   HKCR\interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}\  (8 subtraces) (ID = 135518)
8:13 PM:   HKLM\software\classes\interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}\  (8 subtraces) (ID = 135531)
8:13 PM:   HKLM\software\microsoft\windows\currentversion\uninstall\navhelper\  (3 subtraces) (ID = 135546)
8:13 PM:   Found Adware: screensavers
8:13 PM:   HKLM\software\microsoft\windows\currentversion\uninstall\screensaversinstaller\  (2 subtraces) (ID = 140568)

LadyZ510

34 Posts

April 10th, 2006 09:00

Good morning Algal,

I managed to send the Ewido and the HJT log. It would not let me send the Spysweeper log. I will figure out how to send this later this afternoon or this evening.

Thanks, LadyZ

LadyZ510

34 Posts

April 10th, 2006 09:00

Logfile of HijackThis v1.99.1
Scan saved at 10:06:06 PM, on 4/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3112.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: lirnsble - lirnsble.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

 

LadyZ510

34 Posts

April 10th, 2006 09:00

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------
 + Created on:   9:49:36 PM, 4/9/2006
 + Report-Checksum:  38F270F6
 + Scan result:
 HKU\S-1-5-21-4258765524-3175023838-733447551-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{827DC836-DD9F-4A68-A602-5812EB50A834} -> Adware.Virtumonde : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@com[2].txt -> TrackingCookie.Com : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@ehg-findlaw.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@ehg-tigerdirect2.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@ehg-wachovia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@install.bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@planetfungames.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@rccl.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@rccl.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@rccl.bridgetrack[3].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
 C:\Documents and Settings\Sharron Cunningham\Cookies\sharron cunningham@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
 C:\Program Files\Microsoft AntiSpyware\Quarantine\2927E5FE-0600-403F-862F-E26D2D\28DE376E-184D-4AC9-A4DE-9CEE36 -> Adware.NavExcel : Cleaned with backup
 C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
 C:\WINDOWS\system32\mljjg.dll -> Downloader.ConHook.k : Cleaned with backup

::Report End

LadyZ510

34 Posts

April 11th, 2006 00:00

********
8:09 PM: |       Start of Session, Sunday, April 09, 2006       |
8:09 PM: Spy Sweeper started
8:09 PM: Sweep initiated using definitions version 652
8:09 PM: Starting Memory Sweep
8:13 PM: Memory Sweep Complete, Elapsed Time: 00:04:10
8:13 PM: Starting Registry Sweep
8:13 PM:   Found Adware: navexcel navhelper
8:13 PM:   HKCR\interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}\  (8 subtraces) (ID = 135518)
8:13 PM:   HKLM\software\classes\interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}\  (8 subtraces) (ID = 135531)
8:13 PM:   HKLM\software\microsoft\windows\currentversion\uninstall\navhelper\  (3 subtraces) (ID = 135546)
8:13 PM:   Found Adware: screensavers
8:13 PM:   HKLM\software\microsoft\windows\currentversion\uninstall\screensaversinstaller\  (2 subtraces) (ID = 140568)
8:14 PM: Registry Sweep Complete, Elapsed Time:00:00:23
8:14 PM: Starting Cookie Sweep
8:14 PM:   Found Spy Cookie: 123count cookie
8:14 PM:   sharron cunningham@123count[1].txt (ID = 1927)
8:14 PM:   Found Spy Cookie: 247realmedia cookie
8:14 PM:   sharron cunningham@247realmedia[1].txt (ID = 1953)
8:14 PM:   Found Spy Cookie: 2o7.net cookie
8:14 PM:   sharron cunningham@2o7[1].txt (ID = 1957)
8:14 PM:   Found Spy Cookie: 888 cookie
8:14 PM:   sharron cunningham@888[1].txt (ID = 2019)
8:14 PM:   sharron cunningham@888[2].txt (ID = 2019)
8:14 PM:   Found Spy Cookie: yieldmanager cookie
8:14 PM:   sharron cunningham@ad.yieldmanager[1].txt (ID = 3751)
8:14 PM:   Found Spy Cookie: adknowledge cookie
8:14 PM:   sharron cunningham@adknowledge[1].txt (ID = 2072)
8:14 PM:   Found Spy Cookie: specificclick.com cookie
8:14 PM:   sharron cunningham@adopt.specificclick[1].txt (ID = 3400)
8:14 PM:   Found Spy Cookie: adrevolver cookie
8:14 PM:   sharron cunningham@adrevolver[1].txt (ID = 2088)
8:14 PM:   sharron cunningham@adrevolver[2].txt (ID = 2088)
8:14 PM:   Found Spy Cookie: addynamix cookie
8:14 PM:   sharron cunningham@ads.addynamix[2].txt (ID = 2062)
8:14 PM:   Found Spy Cookie: cc214142 cookie
8:14 PM:   sharron cunningham@ads.cc214142[2].txt (ID = 2367)
8:14 PM:   Found Spy Cookie: pointroll cookie
8:14 PM:   sharron cunningham@ads.pointroll[2].txt (ID = 3148)
8:14 PM:   Found Spy Cookie: adtech cookie
8:14 PM:   sharron cunningham@adtech[2].txt (ID = 2155)
8:14 PM:   Found Spy Cookie: adultfriendfinder cookie
8:14 PM:   sharron cunningham@adultfriendfinder[1].txt (ID = 2165)
8:14 PM:   Found Spy Cookie: advertising cookie
8:14 PM:   sharron cunningham@advertising[1].txt (ID = 2175)
8:14 PM:   Found Spy Cookie: tacoda cookie
8:14 PM:   sharron cunningham@anat.tacoda[1].txt (ID = 6445)
8:14 PM:   Found Spy Cookie: falkag cookie
8:14 PM:   sharron cunningham@as-us.falkag[1].txt (ID = 2650)
8:14 PM:   sharron cunningham@as1.falkag[2].txt (ID = 2650)
8:14 PM:   Found Spy Cookie: ask cookie
8:14 PM:   sharron cunningham@ask[2].txt (ID = 2245)
8:14 PM:   Found Spy Cookie: atlas dmt cookie
8:14 PM:   sharron cunningham@atdmt[2].txt (ID = 2253)
8:14 PM:   Found Spy Cookie: atwola cookie
8:14 PM:   sharron cunningham@atwola[1].txt (ID = 2255)
8:14 PM:   Found Spy Cookie: bluestreak cookie
8:14 PM:   sharron cunningham@bluestreak[1].txt (ID = 2314)

LadyZ510

34 Posts

April 11th, 2006 01:00

8:44 PM:   Quarantining All Traces: clickbank cookie
8:44 PM:   Quarantining All Traces: clickzs cookie
8:44 PM:   Quarantining All Traces: coremetrics cookie
8:44 PM:   Quarantining All Traces: dealtime cookie
8:44 PM:   Quarantining All Traces: exitexchange cookie
8:44 PM:   Quarantining All Traces: falkag cookie
8:44 PM:   Quarantining All Traces: fastclick cookie
8:44 PM:   Quarantining All Traces: fortunecity cookie
8:44 PM:   Quarantining All Traces: hitslink cookie
8:44 PM:   Quarantining All Traces: ic-live cookie
8:44 PM:   Quarantining All Traces: inet-traffic.com cookie
8:44 PM:   Quarantining All Traces: linksynergy cookie
8:44 PM:   Quarantining All Traces: maxserving cookie
8:44 PM:   Quarantining All Traces: mediaplex cookie
8:44 PM:   Quarantining All Traces: mygeek cookie
8:44 PM:   Quarantining All Traces: netster cookie
8:44 PM:   Quarantining All Traces: nextag cookie
8:44 PM:   Quarantining All Traces: onestat.com cookie
8:44 PM:   Quarantining All Traces: one-time-offer cookie
8:44 PM:   Quarantining All Traces: overture cookie
8:44 PM:   Quarantining All Traces: partypoker cookie
8:44 PM:   Quarantining All Traces: passion cookie
8:44 PM:   Quarantining All Traces: pointroll cookie
8:44 PM:   Quarantining All Traces: pro-market cookie
8:44 PM:   Quarantining All Traces: questionmarket cookie
8:44 PM:   Quarantining All Traces: rambler cookie
8:44 PM:   Quarantining All Traces: realmedia cookie
8:44 PM:   Quarantining All Traces: reliablestats cookie
8:44 PM:   Quarantining All Traces: revenue.net cookie
8:44 PM:   Quarantining All Traces: ru4 cookie
8:44 PM:   Quarantining All Traces: screensavers.com cookie
8:44 PM:   Quarantining All Traces: seeq cookie
8:44 PM:   Quarantining All Traces: servedby advertising cookie
8:44 PM:   Quarantining All Traces: server.iad.liveperson cookie
8:44 PM:   Quarantining All Traces: serving-sys cookie
8:45 PM:   Quarantining All Traces: sextracker cookie
8:45 PM:   Quarantining All Traces: specificclick.com cookie
8:45 PM:   Quarantining All Traces: starware.com cookie
8:45 PM:   Quarantining All Traces: statcounter cookie
8:45 PM:   Quarantining All Traces: stopzilla cookie
8:45 PM:   Quarantining All Traces: tacoda cookie
8:45 PM:   Quarantining All Traces: targetnet cookie
8:45 PM:   Quarantining All Traces: tracking cookie
8:45 PM:   Quarantining All Traces: tradedoubler cookie
8:45 PM:   Quarantining All Traces: trafficmp cookie
8:45 PM:   Quarantining All Traces: trb.com cookie
8:45 PM:   Quarantining All Traces: tribalfusion cookie
8:45 PM:   Quarantining All Traces: webtrends cookie
8:45 PM:   Quarantining All Traces: webtrendslive cookie
8:45 PM:   Quarantining All Traces: winantispyware 2005
8:45 PM:   Quarantining All Traces: winantiviruspro cookie
8:45 PM:   Quarantining All Traces: x10 cookie
8:45 PM:   Quarantining All Traces: yieldmanager cookie
8:45 PM:   Quarantining All Traces: zedo cookie
8:45 PM: Removal process completed.  Elapsed time 00:00:28
********
8:05 PM: |       Start of Session, Sunday, April 09, 2006       |
8:05 PM: Spy Sweeper started
8:06 PM: Your spyware definitions have been updated.
8:09 PM: |       End of Session, Sunday, April 09, 2006       |

LadyZ510

34 Posts

April 11th, 2006 01:00

8:14 PM:   Found Spy Cookie: bluestreak cookie
8:14 PM:   sharron cunningham@bluestreak[1].txt (ID = 2314)
8:14 PM:   Found Spy Cookie: burstnet cookie
8:14 PM:   sharron cunningham@burstnet[1].txt (ID = 2336)
8:14 PM:   Found Spy Cookie: casalemedia cookie
8:14 PM:   sharron cunningham@casalemedia[2].txt (ID = 2354)
8:14 PM:   Found Spy Cookie: cassava cookie
8:14 PM:   sharron cunningham@cassava[1].txt (ID = 2362)
8:14 PM:   Found Spy Cookie: centrport net cookie
8:14 PM:   sharron cunningham@centrport[1].txt (ID = 2374)
8:14 PM:   Found Spy Cookie: classmates cookie
8:14 PM:   sharron cunningham@classmates[2].txt (ID = 2384)
8:14 PM:   Found Spy Cookie: clickbank cookie
8:14 PM:   sharron cunningham@clickbank[1].txt (ID = 2398)
8:14 PM:   sharron cunningham@cnn.122.2o7[1].txt (ID = 1958)
8:14 PM:   Found Spy Cookie: hitslink cookie
8:14 PM:   sharron cunningham@counter2.hitslink[2].txt (ID = 2790)
8:14 PM:   Found Spy Cookie: clickzs cookie
8:14 PM:   sharron cunningham@cz3.clickzs[2].txt (ID = 2413)
8:14 PM:   Found Spy Cookie: coremetrics cookie
8:14 PM:   sharron cunningham@data.coremetrics[1].txt (ID = 2472)
8:14 PM:   Found Spy Cookie: overture cookie
8:14 PM:   sharron cunningham@data2.perf.overture[2].txt (ID = 3106)
8:14 PM:   Found Spy Cookie: ru4 cookie
8:14 PM:   sharron cunningham@edge.ru4[1].txt (ID = 3269)
8:14 PM:   Found Spy Cookie: exitexchange cookie
8:14 PM:   sharron cunningham@exitexchange[1].txt (ID = 2633)
8:14 PM:   Found Spy Cookie: fastclick cookie
8:14 PM:   sharron cunningham@fastclick[1].txt (ID = 2651)
8:14 PM:   sharron cunningham@ford.112.2o7[1].txt (ID = 1958)
8:14 PM:   Found Spy Cookie: fortunecity cookie
8:14 PM:   sharron cunningham@fortunecity[2].txt (ID = 2686)
8:14 PM:   Found Spy Cookie: clickandtrack cookie
8:14 PM:   sharron cunningham@hits.clickandtrack[1].txt (ID = 2397)
8:14 PM:   Found Spy Cookie: ic-live cookie
8:14 PM:   sharron cunningham@ic-live[1].txt (ID = 2821)
8:14 PM:   Found Spy Cookie: inet-traffic.com cookie
8:14 PM:   sharron cunningham@inet-traffic[1].txt (ID = 2855)
8:14 PM:   Found Spy Cookie: netster cookie
8:14 PM:   sharron cunningham@lb1.netster[1].txt (ID = 3072)
8:14 PM:   sharron cunningham@lb3.netster[1].txt (ID = 3072)
8:14 PM:   Found Spy Cookie: linksynergy cookie
8:14 PM:   sharron cunningham@linksynergy[2].txt (ID = 2926)
8:14 PM:   sharron cunningham@linksynergy[3].txt (ID = 2926)
8:14 PM:   Found Spy Cookie: webtrends cookie
8:14 PM:   sharron cunningham@m.webtrends[1].txt (ID = 3669)
8:14 PM:   Found Spy Cookie: maxserving cookie
8:14 PM:   sharron cunningham@maxserving[1].txt (ID = 2966)
8:14 PM:   sharron cunningham@maxserving[2].txt (ID = 2966)
8:14 PM:   sharron cunningham@maxserving[4].txt (ID = 2966)
8:14 PM:   sharron cunningham@media.fastclick[2].txt (ID = 2652)
8:14 PM:   sharron cunningham@media.fastclick[3].txt (ID = 2652)
8:14 PM:   Found Spy Cookie: mediaplex cookie
8:14 PM:   sharron cunningham@mediaplex[1].txt (ID = 6442)
8:14 PM:   sharron cunningham@mediaplex[2].txt (ID = 6442)
8:14 PM:   sharron cunningham@mediaplex[4].txt (ID = 6442)
8:14 PM:   sharron cunningham@meetupcom.122.2o7[1].txt (ID = 1958)
8:14 PM:   sharron cunningham@meetupcom.122.2o7[2].txt (ID = 1958)
8:14 PM:   sharron cunningham@meetupcom.122.2o7[3].txt (ID = 1958)
8:14 PM:   sharron cunningham@microsofteup.112.2o7[1].txt (ID = 1958)
8:14 PM:   sharron cunningham@msnportal.112.2o7[1].txt (ID = 1958)
8:14 PM:   sharron cunningham@msnportal.112.2o7[2].txt (ID = 1958)
8:14 PM:   sharron cunningham@msnportal.112.2o7[3].txt (ID = 1958)
8:14 PM:   Found Spy Cookie: mygeek cookie
8:14 PM:   sharron cunningham@mygeek[1].txt (ID = 3041)

LadyZ510

34 Posts

April 11th, 2006 01:00

8:14 PM:   Found Spy Cookie: mygeek cookie
8:14 PM:   sharron cunningham@mygeek[1].txt (ID = 3041)
8:14 PM:   Found Spy Cookie: aptimus cookie
8:14 PM:   sharron cunningham@network.aptimus[1].txt (ID = 2235)
8:14 PM:   Found Spy Cookie: nextag cookie
8:14 PM:   sharron cunningham@nextag[1].txt (ID = 5014)
8:14 PM:   sharron cunningham@nextag[2].txt (ID = 5014)
8:14 PM:   sharron cunningham@nextag[3].txt (ID = 5014)
8:14 PM:   Found Spy Cookie: one-time-offer cookie
8:14 PM:   sharron cunningham@one-time-offer[1].txt (ID = 3095)
8:14 PM:   sharron cunningham@overture[1].txt (ID = 3105)
8:14 PM:   sharron cunningham@overture[2].txt (ID = 3105)
8:14 PM:   sharron cunningham@overture[3].txt (ID = 3105)
8:14 PM:   sharron cunningham@partygaming.122.2o7[1].txt (ID = 1958)
8:14 PM:   Found Spy Cookie: partypoker cookie
8:14 PM:   sharron cunningham@partypoker[1].txt (ID = 3111)
8:14 PM:   sharron cunningham@partypoker[2].txt (ID = 3111)
8:14 PM:   Found Spy Cookie: passion cookie
8:14 PM:   sharron cunningham@passion[1].txt (ID = 3113)
8:14 PM:   sharron cunningham@perf.overture[1].txt (ID = 3106)
8:14 PM:   sharron cunningham@perf.overture[2].txt (ID = 3106)
8:14 PM:   sharron cunningham@perf.overture[3].txt (ID = 3106)
8:14 PM:   Found Spy Cookie: pro-market cookie
8:14 PM:   sharron cunningham@pro-market[2].txt (ID = 3197)
8:14 PM:   Found Spy Cookie: questionmarket cookie
8:14 PM:   sharron cunningham@questionmarket[1].txt (ID = 3217)
8:14 PM:   sharron cunningham@questionmarket[2].txt (ID = 3217)
8:14 PM:   sharron cunningham@questionmarket[3].txt (ID = 3217)
8:14 PM:   sharron cunningham@questionmarket[4].txt (ID = 3217)
8:14 PM:   sharron cunningham@questionmarket[5].txt (ID = 3217)
8:14 PM:   sharron cunningham@questionmarket[7].txt (ID = 3217)
8:14 PM:   Found Spy Cookie: rambler cookie
8:14 PM:   sharron cunningham@rambler[1].txt (ID = 3225)
8:14 PM:   Found Spy Cookie: realmedia cookie
8:14 PM:   sharron cunningham@realmedia[1].txt (ID = 3235)
8:14 PM:   sharron cunningham@realmedia[2].txt (ID = 3235)
8:14 PM:   sharron cunningham@realmedia[4].txt (ID = 3235)
8:14 PM:   sharron cunningham@realmedia[5].txt (ID = 3235)
8:14 PM:   sharron cunningham@realmedia:emotion-14:.txt (ID = 3235)
8:14 PM:   Found Spy Cookie: revenue.net cookie
8:14 PM:   sharron cunningham@revenue[1].txt (ID = 3257)
8:14 PM:   Found Spy Cookie: adjuggler cookie
8:14 PM:   sharron cunningham@rotator.adjuggler[2].txt (ID = 2071)
8:14 PM:   sharron cunningham@sel.as-us.falkag[1].txt (ID = 2650)
8:14 PM:   sharron cunningham@sel.as-us.falkag[3].txt (ID = 2650)
8:14 PM:   Found Spy Cookie: servedby advertising cookie
8:14 PM:   sharron cunningham@servedby.advertising[1].txt (ID = 3335)
8:14 PM:   sharron cunningham@servedby.advertising[2].txt (ID = 3335)
8:14 PM:   sharron cunningham@servedby.advertising[3].txt (ID = 3335)
8:14 PM:   sharron cunningham@servedby.advertising[4].txt (ID = 3335)
8:14 PM:   sharron cunningham@servedby.advertising[5].txt (ID = 3335)
8:14 PM:   sharron cunningham@servedby.advertising:emotion-14:.txt (ID = 3335)
8:14 PM:   sharron cunningham@servedby.advertising[7].txt (ID = 3335)
8:14 PM:   Found Spy Cookie: server.iad.liveperson cookie
8:14 PM:   sharron cunningham@server.iad.liveperson[1].txt (ID = 3341)
8:14 PM:   Found Spy Cookie: serving-sys cookie
8:14 PM:   sharron cunningham@serving-sys[1].txt (ID = 3343)
8:14 PM:   sharron cunningham@serving-sys[2].txt (ID = 3343)
8:14 PM:   sharron cunningham@serving-sys[3].txt (ID = 3343)
8:14 PM:   Found Spy Cookie: sextracker cookie
8:14 PM:   sharron cunningham@sextracker[1].txt (ID = 3361)
8:14 PM:   sharron cunningham@sextracker[2].txt (ID = 3361)
8:14 PM:   Found Spy Cookie: starware.com cookie
8:14 PM:   sharron cunningham@starware[2].txt (ID = 3441)
8:14 PM:   Found Spy Cookie: dealtime cookie

LadyZ510

34 Posts

April 11th, 2006 01:00

8:14 PM:   sharron cunningham@z1.adserver[11].txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver[12].txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver[1].txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver[2].txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver[3].txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver[4].txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver[5].txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver:emotion-14:.txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver[7].txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver:emotion-29:.txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver[9].txt (ID = 2142)
8:14 PM:   Found Spy Cookie: zedo cookie
8:14 PM:   sharron cunningham@zedo[1].txt (ID = 3762)
8:14 PM:   sharron cunningham@zedo[2].txt (ID = 3762)
8:14 PM:   sharron cunningham@zedo[3].txt (ID = 3762)
8:14 PM:   sharron cunningham@zedo[4].txt (ID = 3762)
8:14 PM:   sharron cunningham@zedo[5].txt (ID = 3762)
8:14 PM:   sharron cunningham@zedo:emotion-14:.txt (ID = 3762)
8:14 PM:   sharron cunningham@zedo[7].txt (ID = 3762)
8:14 PM:   sharron cunningham@zedo:emotion-29:.txt (ID = 3762)
8:14 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
8:14 PM: Starting File Sweep
8:14 PM:   c:\program files\screensavers.com (4 subtraces) (ID = -2147480365)
8:14 PM:   Found Adware: winantispyware 2005
8:14 PM:   c:\program files\common files\winsoftware (ID = -2147476682)
8:15 PM:   d71ccc6a-5c68-4d6e-8f77-6a0b29 (ID = 70375)
8:32 PM:   Found Adware: surfbar
8:32 PM:   32002c8b-9067-4f57-942b-f8dddc (ID = 77620)
8:33 PM:   efc8d1c6-5b51-4638-b1c3-e47502 (ID = 70384)
8:33 PM:   4d1bd8f6-5af0-4dff-9f89-6f1786 (ID = 70372)
8:39 PM:   screensaversinst.dll (ID = 74752)
8:43 PM: File Sweep Complete, Elapsed Time: 00:28:45
8:43 PM: Full Sweep has completed.  Elapsed time 00:33:35
8:43 PM: Traces Found: 208
8:44 PM: Removal process initiated
8:44 PM:   Quarantining All Traces: navexcel navhelper
8:44 PM:   Quarantining All Traces: screensavers
8:44 PM:   Quarantining All Traces: surfbar
8:44 PM:   Quarantining All Traces: 123count cookie
8:44 PM:   Quarantining All Traces: 247realmedia cookie
8:44 PM:   Quarantining All Traces: 2o7.net cookie
8:44 PM:   Quarantining All Traces: 888 cookie
8:44 PM:   Quarantining All Traces: addynamix cookie
8:44 PM:   Quarantining All Traces: adjuggler cookie
8:44 PM:   Quarantining All Traces: adknowledge cookie
8:44 PM:   Quarantining All Traces: adrevolver cookie
8:44 PM:   Quarantining All Traces: adserver cookie
8:44 PM:   Quarantining All Traces: adtech cookie
8:44 PM:   Quarantining All Traces: adultfriendfinder cookie
8:44 PM:   Quarantining All Traces: advertising cookie
8:44 PM:   Quarantining All Traces: aptimus cookie
8:44 PM:   Quarantining All Traces: ask cookie
8:44 PM:   Quarantining All Traces: atlas dmt cookie
8:44 PM:   Quarantining All Traces: atwola cookie
8:44 PM:   Quarantining All Traces: bluestreak cookie
8:44 PM:   Quarantining All Traces: burstbeacon cookie
8:44 PM:   Quarantining All Traces: burstnet cookie
8:44 PM:   Quarantining All Traces: casalemedia cookie
8:44 PM:   Quarantining All Traces: cassava cookie
8:44 PM:   Quarantining All Traces: cc214142 cookie
8:44 PM:   Quarantining All Traces: centrport net cookie
8:44 PM:   Quarantining All Traces: classmates cookie
8:44 PM:   Quarantining All Traces: clickandtrack cookie
8:44 PM:   Quarantining All Traces: clickbank cookie
8:44 PM:   Quarantining All Traces: clickzs cookie

LadyZ510

34 Posts

April 11th, 2006 01:00

8:14 PM:   Found Spy Cookie: starware.com cookie
8:14 PM:   sharron cunningham@starware[2].txt (ID = 3441)
8:14 PM:   Found Spy Cookie: dealtime cookie
8:14 PM:   sharron cunningham@stat.dealtime[1].txt (ID = 2506)
8:14 PM:   sharron cunningham@stat.dealtime[2].txt (ID = 2506)
8:14 PM:   Found Spy Cookie: onestat.com cookie
8:14 PM:   sharron cunningham@stat.onestat[2].txt (ID = 3098)
8:14 PM:   Found Spy Cookie: statcounter cookie
8:14 PM:   sharron cunningham@statcounter[1].txt (ID = 3447)
8:14 PM:   sharron cunningham@statcounter[2].txt (ID = 3447)
8:14 PM:   sharron cunningham@statcounter[3].txt (ID = 3447)
8:14 PM:   Found Spy Cookie: reliablestats cookie
8:14 PM:   sharron cunningham@stats1.reliablestats[1].txt (ID = 3254)
8:14 PM:   sharron cunningham@stats1.reliablestats[2].txt (ID = 3254)
8:14 PM:   sharron cunningham@stats1.reliablestats[3].txt (ID = 3254)
8:14 PM:   sharron cunningham@stats1.reliablestats[4].txt (ID = 3254)
8:14 PM:   sharron cunningham@stats1.reliablestats[5].txt (ID = 3254)
8:14 PM:   sharron cunningham@stats1.reliablestats:emotion-14:.txt (ID = 3254)
8:14 PM:   sharron cunningham@stats1.reliablestats:emotion-29:.txt (ID = 3254)
8:14 PM:   Found Spy Cookie: webtrendslive cookie
8:14 PM:   sharron cunningham@statse.webtrendslive[1].txt (ID = 3667)
8:14 PM:   sharron cunningham@statse.webtrendslive[3].txt (ID = 3667)
8:14 PM:   sharron cunningham@statse.webtrendslive[4].txt (ID = 3667)
8:14 PM:   sharron cunningham@tacoda[1].txt (ID = 6444)
8:14 PM:   sharron cunningham@tacoda[2].txt (ID = 6444)
8:14 PM:   sharron cunningham@tacoda[3].txt (ID = 6444)
8:14 PM:   sharron cunningham@tacoda[5].txt (ID = 6444)
8:14 PM:   Found Spy Cookie: targetnet cookie
8:14 PM:   sharron cunningham@targetnet[1].txt (ID = 3489)
8:14 PM:   sharron cunningham@targetnet[3].txt (ID = 3489)
8:14 PM:   Found Spy Cookie: tracking cookie
8:14 PM:   sharron cunningham@tracking[2].txt (ID = 3571)
8:14 PM:   Found Spy Cookie: tradedoubler cookie
8:14 PM:   sharron cunningham@tradedoubler[2].txt (ID = 3575)
8:14 PM:   Found Spy Cookie: trafficmp cookie
8:14 PM:   sharron cunningham@trafficmp[1].txt (ID = 3581)
8:14 PM:   sharron cunningham@trafficmp[2].txt (ID = 3581)
8:14 PM:   sharron cunningham@trafficmp[3].txt (ID = 3581)
8:14 PM:   Found Spy Cookie: trb.com cookie
8:14 PM:   sharron cunningham@trb[2].txt (ID = 3587)
8:14 PM:   Found Spy Cookie: tribalfusion cookie
8:14 PM:   sharron cunningham@tribalfusion[1].txt (ID = 3589)
8:14 PM:   sharron cunningham@tribalfusion[2].txt (ID = 3589)
8:14 PM:   sharron cunningham@tribalfusion[3].txt (ID = 3589)
8:14 PM:   sharron cunningham@tribalfusion[4].txt (ID = 3589)
8:14 PM:   sharron cunningham@tribalfusion[5].txt (ID = 3589)
8:14 PM:   sharron cunningham@www.888[2].txt (ID = 2020)
8:14 PM:   Found Spy Cookie: burstbeacon cookie
8:14 PM:   sharron cunningham@www.burstbeacon[1].txt (ID = 2335)
8:14 PM:   sharron cunningham@www.burstbeacon[2].txt (ID = 2335)
8:14 PM:   sharron cunningham@www.burstbeacon[4].txt (ID = 2335)
8:14 PM:   Found Spy Cookie: screensavers.com cookie
8:14 PM:   sharron cunningham@www.screensavers[2].txt (ID = 3298)
8:14 PM:   Found Spy Cookie: stopzilla cookie
8:14 PM:   sharron cunningham@www.stopzilla[2].txt (ID = 3466)
8:14 PM:   Found Spy Cookie: winantiviruspro cookie
8:14 PM:   sharron cunningham@www.winantiviruspro[2].txt (ID = 3690)
8:14 PM:   Found Spy Cookie: seeq cookie
8:14 PM:   sharron cunningham@www48.seeq[1].txt (ID = 3332)
8:14 PM:   Found Spy Cookie: x10 cookie
8:14 PM:   sharron cunningham@x10[1].txt (ID = 3711)
8:14 PM:   sharron cunningham@yieldmanager[2].txt (ID = 3749)
8:14 PM:   Found Spy Cookie: adserver cookie
8:14 PM:   sharron cunningham@z1.adserver[10].txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver[11].txt (ID = 2142)
8:14 PM:   sharron cunningham@z1.adserver[12].txt (ID = 2142)

ALgal

1.2K Posts

April 11th, 2006 17:00

Hello Lady,

Just one minor thing to clean up in your hijackthis log and then let's see the results of a Kapersky scan.

Disable SpySweeper:
You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.
  • Open it click >Options over to the left then >program options>Uncheck "load at windows startup"
  • Over to the left click "shields" and uncheck all there.
  • Uncheck" home page shield".
  • Uncheck ''automatically restore default without notification".

After all of the fixes are complete it is very important that you enable SpySweeper again.

Disable Microsoft Windows Defender:
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Scan with HijackThis. Place a check against each of the following:
O20 - Winlogon Notify: lirnsble - lirnsble.dll (file missing)
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Now run this online scan using Internet Explorer:
Kaspersky WebScanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.

Copy and paste that information from Kapersky in your next post.

Post back a fresh HijackThis log and the Kapersky results.

Was this post helpful?

View All

Top