MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Topic: i think i have a virus (Read 3457 times)
scheins
« on: August 18, 2006, 02:06:16 AM »

Logfile of HijackThis v1.99.1
Scan saved at 10:05:27 PM, on 8/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
F:\00000P~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
F:\00000Programs-Drivers-Fonts-Etc\MovielinkManager\Movielink User.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Giyus.org\megaphone.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Symantec\ACT\SideACT.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LoadMSvcmm] "F:\00000Programs-Drivers-Fonts-Etc\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [Megaphone] C:\Program Files\Giyus.org\megaphone.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5755E845-01C1-46DC-B109-A7321A433944}: NameServer = 4.2.2.2,192.168.0.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Movielink Core Service - Movielink LLC - F:\00000P~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE



Thanks for any help

scheins
Pancake
« Reply #1 on: August 19, 2006, 02:37:31 AM »

Hi
There is nothing showing in the log, but just to be on the safe side...

Download Ewido Anti-Malware
  • Install Ewido Anti-Malware
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido. When you have finished updating, EXIT Ewido.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
  • In Safe Mode, run Ewido.
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As.  This will create a text file. 

Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
Please perform another scan with HijackThis, and then post back with a copy of the Ewido log and the new HijackThis log.

An Australian Member of

EDDY
scheins
« Reply #2 on: August 28, 2006, 02:24:31 AM »

Logfile of HijackThis v1.99.1
Scan saved at 10:19:08 PM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\GEARSec.exe
F:\00000P~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
F:\00000Programs-Drivers-Fonts-Etc\MovielinkManager\Movielink User.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Giyus.org\megaphone.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Symantec\ACT\SideACT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LoadMSvcmm] "F:\00000Programs-Drivers-Fonts-Etc\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [Megaphone] C:\Program Files\Giyus.org\megaphone.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5755E845-01C1-46DC-B109-A7321A433944}: NameServer = 4.2.2.2,192.168.0.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Movielink Core Service - Movielink LLC - F:\00000P~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE


scheins
scheins
« Reply #3 on: August 28, 2006, 02:24:48 AM »

here is the ewido log

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   10:16:01 PM 8/27/2006

 + Scan result:   



:mozilla.111:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.366:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.232:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.289:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.323:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.215:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.322:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@ehg-zoomerang.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.336:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.337:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.357:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.358:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.359:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.235:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.292:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.286:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.287:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.288:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.278:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.279:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.282:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.284:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.285:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.317:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.320:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.321:C:\Documents and Settings\Bentzion\Application Data\Mozilla\Firefox\Profiles\2dzweqcl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Bentzion\Cookies\bentzion@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end

thanks

Pancake
« Reply #4 on: August 28, 2006, 02:37:56 AM »

It's cleaned you up but there is still nothing... it's all fine.

scheins
« Reply #5 on: August 28, 2006, 12:44:59 PM »

Then how come AVG keeps finding some type of generic virus every other day? It just found it now.

Pancake
« Reply #6 on: August 28, 2006, 11:54:49 PM »

Does it give you a path to the file?

Download WebRoot SpySweeper

Install it and update to the latest definitions.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab and put a check next to the following seven sweeps:

Sweep Memory, Sweep Registry, Sweep Cookies, Sweep All User Accounts,
Enable Direct Disk Sweeping, Sweep Contents of Compressed Files, Sweep for Rootkits


Please UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left side.
Click the Start button.
When done, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

scheins
« Reply #7 on: August 29, 2006, 04:00:38 PM »

11:55 AM: Removal process completed.  Elapsed time 00:00:24
11:55 AM:   Warning: Could not store new IE Hijack Setting value: HKCU\Software\Microsoft\Internet Explorer\Main\Start Page\http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6ar=msnhome Error: Failed to set data for 'Start Page'
11:55 AM:   Quarantining All Traces: partypoker cookie
11:55 AM:   Quarantining All Traces: nextag cookie
11:55 AM:   Quarantining All Traces: realmedia cookie
11:55 AM:   Quarantining All Traces: maxserving cookie
11:55 AM:   Quarantining All Traces: fortunecity cookie
11:55 AM:   Quarantining All Traces: exitexchange cookie
11:55 AM:   Quarantining All Traces: belnk cookie
11:55 AM:   Quarantining All Traces: ask cookie
11:55 AM:   Quarantining All Traces: apmebf cookie
11:55 AM:   Quarantining All Traces: adrevolver cookie
11:55 AM:   Quarantining All Traces: hbmediapro cookie
11:55 AM:   Quarantining All Traces: adknowledge cookie
11:55 AM:   Quarantining All Traces: adecn cookie
11:55 AM:   Quarantining All Traces: websponsors cookie
11:55 AM:   Quarantining All Traces: go.com cookie
11:55 AM:   Quarantining All Traces: stamps.com cookie
11:55 AM:   Quarantining All Traces: webtrends cookie
11:55 AM:   Quarantining All Traces: atwola cookie
11:55 AM:   Quarantining All Traces: findthewebsiteyouneed hijack
11:55 AM:   Quarantining All Traces: trojan-dropper-mendoza
11:55 AM:   Quarantining All Traces: maxifiles
11:55 AM:   Quarantining All Traces: golden eye
11:55 AM:   Quarantining All Traces: trojan-downloader-msil.agent
11:55 AM: Removal process initiated
11:53 AM: Traces Found: 44
11:53 AM: Full Sweep has completed.  Elapsed time 00:50:28
11:53 AM: File Sweep Complete, Elapsed Time: 00:46:40
11:46 AM:   F:\Old DELL\Benzion\Colectables\Programs-Data\gesetup.exe (ID = 61830)
11:46 AM:   Found System Monitor: golden eye
11:22 AM:   Warning: Failed to access drive E:
11:22 AM:   Warning: Failed to open file "c:\documents and settings\bentzion\application data\mozilla\firefox\profiles\2dzweqcl.default\parent.lock". The operation completed successfully
11:20 AM:   C:\Mendoza1.exe (ID = 318893)
11:20 AM:   Found Trojan Horse: trojan-dropper-mendoza
11:19 AM:   C:\mc-110-12-0000228.exe (ID = 320785)
11:07 AM:   C:\Program Files\Common Files\svchostsys (4 subtraces) (ID = 2147523504)
11:07 AM:   C:\Program Files\Common Files\simtest (2 subtraces) (ID = 2147523505)
11:07 AM:   Found Trojan Horse: trojan-downloader-msil.agent
11:07 AM: Starting File Sweep
11:07 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@realmedia[1].txt (ID = 3235)
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@partypoker[1].txt (ID = 3111)
11:07 AM:   Found Spy Cookie: partypoker cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@nextag[2].txt (ID = 5014)
11:07 AM:   Found Spy Cookie: nextag cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@network.realmedia[1].txt (ID = 3236)
11:07 AM:   Found Spy Cookie: realmedia cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@maxserving[2].txt (ID = 2966)
11:07 AM:   Found Spy Cookie: maxserving cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@fortunecity[2].txt (ID = 2686)
11:07 AM:   Found Spy Cookie: fortunecity cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@exitexchange[2].txt (ID = 2633)
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@dist.belnk[2].txt (ID = 2293)
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@count3.exitexchange[1].txt (ID = 2634)
11:07 AM:   Found Spy Cookie: exitexchange cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@belnk[1].txt (ID = 2292)
11:07 AM:   Found Spy Cookie: belnk cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@atwola[2].txt (ID = 2255)
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@ask[1].txt (ID = 2245)
11:07 AM:   Found Spy Cookie: ask cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@apmebf[1].txt (ID = 2229)
11:07 AM:   Found Spy Cookie: apmebf cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@adrevolver[3].txt (ID = 2088)
11:07 AM:   Found Spy Cookie: adrevolver cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@adopt.hbmediapro[2].txt (ID = 2768)
11:07 AM:   Found Spy Cookie: hbmediapro cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@adknowledge[1].txt (ID = 2072)
11:07 AM:   Found Spy Cookie: adknowledge cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@adecn[1].txt (ID = 2063)
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@ad2.adecn[1].txt (ID = 2064)
11:07 AM:   Found Spy Cookie: adecn cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\bentzion@a.websponsors[2].txt (ID = 3665)
11:07 AM:   Found Spy Cookie: websponsors cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\backup@stamps[2].txt (ID = 3437)
11:07 AM:   c:\documents and settings\bentzion\cookies\backup@rsi.abc.go[1].txt (ID = 2729)
11:07 AM:   c:\documents and settings\bentzion\cookies\backup@go[2].txt (ID = 2728)
11:07 AM:   c:\documents and settings\bentzion\cookies\backup@dynamic.abc.go[1].txt (ID = 2729)
11:07 AM:   c:\documents and settings\bentzion\cookies\backup@atwola[1].txt (ID = 2255)
11:07 AM:   c:\documents and settings\bentzion\cookies\backup@abc.go[1].txt (ID = 2729)
11:07 AM:   Found Spy Cookie: go.com cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\administrator@www.stamps[1].txt (ID = 3438)
11:07 AM:   c:\documents and settings\bentzion\cookies\administrator@stamps[1].txt (ID = 3437)
11:07 AM:   Found Spy Cookie: stamps.com cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\administrator@m.webtrends[1].txt (ID = 3669)
11:07 AM:   Found Spy Cookie: webtrends cookie
11:07 AM:   c:\documents and settings\bentzion\cookies\administrator@atwola[1].txt (ID = 2255)
11:07 AM:   Found Spy Cookie: atwola cookie
11:07 AM: Starting Cookie Sweep
11:07 AM: Registry Sweep Complete, Elapsed Time:00:00:40
11:06 AM:   HKU\S-1-5-21-3106898507-4170784932-1460155441-1010\software\microsoft\internet explorer\toolbar\webbrowser\ || {cbcc61fa-0221-4ccc-b409-cee865caca3a} (ID = 1530952)
11:06 AM:   HKU\S-1-5-21-3106898507-4170784932-1460155441-1010\software\microsoft\internet explorer\main\ || start page (ID = 125239)
11:06 AM:   Found Adware: findthewebsiteyouneed hijack
11:06 AM:   HKLM\software\classes\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (ID = 1530980)
11:06 AM:   HKCR\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (ID = 1530936)
11:06 AM:   Found Adware: maxifiles
11:06 AM: Starting Registry Sweep
11:06 AM: Memory Sweep Complete, Elapsed Time: 00:02:57
11:03 AM: Starting Memory Sweep
11:03 AM: Sweep initiated using definitions version 750
11:03 AM: Spy Sweeper 5.0.5.1286 started
11:03 AM: |       Start of Session, Tuesday, August 29, 2006       |
********
11:03 AM: |       End of Session, Tuesday, August 29, 2006       |
11:01 AM: Your definitions are up to date.
11:00 AM: Your definitions are up to date.
            Keylogger Shield: On
            BHO Shield: On
            IE Security Shield: On
            Alternate Data Stream (ADS) Execution Shield: On
            Startup Shield: On
            Common Ad Sites Shield: Off
            Hosts File Shield: On
            Spy Communication Shield: On
            ActiveX Shield: On
            Windows Messenger Service Shield: On
            IE Favorites Shield: On
            Spy Installation Shield: On
            Memory Shield: On
            IE Hijack Shield: On
            IE Tracking Cookies Shield: Off
10:46 AM: Shield States
10:46 AM: Spyware Definitions: 750
10:46 AM: Spy Sweeper 5.0.5.1286 started
10:44 AM: Spy Sweeper 5.0.5.1286 started
10:41 AM: Spy Sweeper 5.0.5.1286 started
10:41 AM: Spy Sweeper 5.0.5.1286 started
10:41 AM: |       Start of Session, Tuesday, August 29, 2006       |
********

Pancake
« Reply #8 on: August 30, 2006, 12:46:58 AM »

That's cleaned a few more out. Are things better?

scheins
« Reply #9 on: August 30, 2006, 01:32:50 AM »

I think so, thanks.

Pancake
« Reply #10 on: August 30, 2006, 03:30:17 AM »

Ok. That's great....

scheins
« Reply #11 on: August 30, 2006, 01:31:35 PM »

Sorry to bother, but I was wrong. This morning AVG found the same virus again. I copied the name; it is downloader.genreric2.jvp, if that helps at all.

Pancake
« Reply #12 on: August 31, 2006, 12:01:58 AM »

Ok. Maybe what you now need to do is turn off your System Restore, reboot, turn it back on and create a new restore point.

1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Turn on System Restore
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Rescan with AVG and see if it finds it. If it does, note the path to the file.