HijackThis Log

  1. 11-11-2005  #11
    uncleramsay
    uncleramsay is offline Junior Member

    Re: HijackThis Log

    Continued....

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
    SV1 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Of fline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Op en With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Op en With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sy mantec.Norton.Antivirus.IEContextMenu
    {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Wi nRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Wi nZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a 2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ContextMenuHandlers\Symantec.Norton.Antivirus.IEC ontextMenu
    {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
    DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
    CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
    Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
    CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\system32\shdocvw.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
    Real.com = C:\WINDOWS\system32\Shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
    MenuText = Uninstall BitDefender Online Scanner v8 :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    ButtonText = Research :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    ButtonText = Real.com :

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\system32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    Explorer Band = %SystemRoot%\system32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
    {C529C245-7B62-11D9-B94F-0004767303D4} = :

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    SoundMAXPnP C:\Program Files\Analog Devices\Core\smax4pnp.exe
    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    IAAnotif C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    DVDLauncher "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    MessengerPlus3 "C:\Program Files\MessengerPlus\MsgPlus.exe"
    dla C:\WINDOWS\system32\dla\tfswctrl.exe
    TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    Registry Defender "C:\Program Files\Registry Defender Trial\RegClean.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item Ares
    hkey HKCU
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = c:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\msonsext.dl l
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\Explorer
    NoDriveTypeAutoRun 145


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
    UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs MsgPlusLoader.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 10/11/2005 23:47:51

  3. 11-11-2005  #12
    Neal
    Neal is offline Dedicated Member
    Still not anything showing. This may be a hardware/software problem and not a virus related problem.

    You can get rid of all those tools you downloaded.

    We can keep going and you can download and install spysweeper from webroot and we can see what it finds or you can go on over to the XP Help section of this forum and see what they can find there.

    Just in case: Let's try it.



    Please download Webroot SpySweeper from here: SpySweeper

    Click the Free Trial link under to "SpySweeper" to download the program.
    Install it.
    Once the program is installed, it will open.
    It will prompt you to update to the latest definitions, click Yes.
    Once the definitions are installed, click Sweep Now on the left side.
    Click the Start button.
    When it's done scanning, click the Next button.
    Make sure everything has a check next to it, then click the Next button.
    It will remove all of the items found.
    Click Session Log in the upper right corner, copy everything in that window.
    Click the Summary tab and click Finish.

    Paste the contents of the session log you copied into your next reply.
  4. 11-11-2005  #13
    uncleramsay
    uncleramsay is offline Junior Member
    SpySweeper Log

    ********
    09:37: | Start of Session, 11 November 2005 |
    09:37: Spy Sweeper started
    09:37: Sweep initiated using definitions version 571
    09:37: Starting Memory Sweep
    09:39: Memory Sweep Complete, Elapsed Time: 00:01:57
    09:39: Starting Registry Sweep
    09:39: Found Adware: winad
    09:39: HKLM\software\microsoft\windows\currentversion\mod uleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
    09:39: Found Adware: systemprocess
    09:39: HKU\S-1-5-21-1300843200-528733203-3098348463-1005\software\system process\ (1 subtraces) (ID = 860389)
    09:39: HKU\S-1-5-21-1300843200-528733203-3098348463-1005\software\system process\ || lastptime (ID = 860390)
    09:39: Registry Sweep Complete, Elapsed Time:00:00:14
    09:39: Starting Cookie Sweep
    09:39: Found Spy Cookie: primaryads cookie
    09:39: dale@1.primaryads[1].txt (ID = 3190)
    09:39: Found Spy Cookie: 2o7.net cookie
    09:39: dale@122.2o7[2].txt (ID = 1958)
    09:39: dale@2o7[2].txt (ID = 1957)
    09:39: Found Spy Cookie: 64.62.232 cookie
    09:39: dale@64.62.232[1].txt (ID = 1987)
    09:39: dale@64.62.232[2].txt (ID = 1987)
    09:39: dale@64.62.232[3].txt (ID = 1987)
    09:39: dale@64.62.232[5].txt (ID = 1987)
    09:39: dale@64.62.232[6].txt (ID = 1987)
    09:39: Found Spy Cookie: about cookie
    09:39: dale@about[2].txt (ID = 2037)
    09:39: Found Spy Cookie: go.com cookie
    09:39: dale@adisney.go[2].txt (ID = 2729)
    09:39: Found Spy Cookie: adlegend cookie
    09:39: dale@adlegend[1].txt (ID = 2074)
    09:39: Found Spy Cookie: hbmediapro cookie
    09:39: dale@adopt.hbmediapro[2].txt (ID = 2768)
    09:39: Found Spy Cookie: hotbar cookie
    09:39: dale@adopt.hotbar[2].txt (ID = 4207)
    09:39: Found Spy Cookie: adrevservice cookie
    09:39: dale@adrevservice[1].txt (ID = 2091)
    09:39: Found Spy Cookie: cc214142 cookie
    09:39: dale@ads.cc214142[2].txt (ID = 2367)
    09:39: Found Spy Cookie: cd freaks cookie
    09:39: dale@ads.cdfreaks[1].txt (ID = 2371)
    09:39: Found Spy Cookie: pointroll cookie
    09:39: dale@ads.pointroll[2].txt (ID = 3148)
    09:39: Found Spy Cookie: adtech cookie
    09:39: dale@adtech[1].txt (ID = 2155)
    09:39: Found Spy Cookie: advertising cookie
    09:39: dale@advertising[2].txt (ID = 2175)
    09:39: Found Spy Cookie: falkag cookie
    09:39: dale@as-eu.falkag[1].txt (ID = 2650)
    09:39: Found Spy Cookie: atlas dmt cookie
    09:39: dale@atdmt[2].txt (ID = 2253)
    09:39: Found Spy Cookie: belnk cookie
    09:39: dale@ath.belnk[2].txt (ID = 2293)
    09:39: Found Spy Cookie: atwola cookie
    09:39: dale@atwola[1].txt (ID = 2255)
    09:39: Found Spy Cookie: a cookie
    09:39: dale@a[1].txt (ID = 2027)
    09:39: dale@belnk[1].txt (ID = 2292)
    09:39: Found Spy Cookie: bluestreak cookie
    09:39: dale@bluestreak[1].txt (ID = 2314)
    09:39: Found Spy Cookie: bravenet cookie
    09:39: dale@bravenet[2].txt (ID = 2322)
    09:39: Found Spy Cookie: ccbill cookie
    09:39: dale@ccbill[1].txt (ID = 2369)
    09:39: dale@cdfreaks[1].txt (ID = 2370)
    09:39: Found Spy Cookie: clickbank cookie
    09:39: dale@clickbank[1].txt (ID = 2398)
    09:39: Found Spy Cookie: customer cookie
    09:39: dale@customer[1].txt (ID = 2481)
    09:39: Found Spy Cookie: did-it cookie
    09:39: dale@did-it[2].txt (ID = 2523)
    09:39: dale@disney.go[2].txt (ID = 2729)
    09:39: dale@dist.belnk[2].txt (ID = 2293)
    09:39: dale@dvr.about[1].txt (ID = 2038)
    09:39: Found Spy Cookie: adbureau cookie
    09:39: dale@etype.adbureau[2].txt (ID = 2060)
    09:39: Found Spy Cookie: exitexchange cookie
    09:39: dale@exitexchange[2].txt (ID = 2633)
    09:39: Found Spy Cookie: gamespy cookie
    09:39: dale@gamespy[1].txt (ID = 2719)
    09:39: dale@go[2].txt (ID = 2728)
    09:39: Found Spy Cookie: herfirstlesbiansex cookie
    09:39: dale@herfirstlesbiansex[2].txt (ID = 2771)
    09:39: Found Spy Cookie: howstuffworks cookie
    09:39: dale@howstuffworks[1].txt (ID = 2805)
    09:39: Found Spy Cookie: touchclarity cookie
    09:39: dale@hsbc.touchclarity[1].txt (ID = 3566)
    09:39: Found Spy Cookie: techtarget cookie
    09:39: dale@labmice.techtarget[1].txt (ID = 3500)
    09:39: Found Spy Cookie: mrskin cookie
    09:39: dale@mrskin[1].txt (ID = 3020)
    09:39: dale@msn.touchclarity[2].txt (ID = 3566)
    09:39: Found Spy Cookie: offeroptimizer cookie
    09:39: dale@offeroptimizer[2].txt (ID = 3087)
    09:39: Found Spy Cookie: outster cookie
    09:39: dale@outster[1].txt (ID = 3103)
    09:39: Found Spy Cookie: pricegrabber cookie
    09:39: dale@pricegrabber[1].txt (ID = 3185)
    09:39: Found Spy Cookie: questionmarket cookie
    09:39: dale@questionmarket[1].txt (ID = 3217)
    09:39: dale@sel.as-eu.falkag[2].txt (ID = 2650)
    09:39: Found Spy Cookie: servedby advertising cookie
    09:39: dale@servedby.advertising[1].txt (ID = 3335)
    09:39: Found Spy Cookie: serving-sys cookie
    09:39: dale@serving-sys[1].txt (ID = 3343)
    09:39: Found Spy Cookie: webtrendslive cookie
    09:39: dale@statse.webtrendslive[1].txt (ID = 3667)
    09:39: Found Spy Cookie: toplist cookie
    09:39: dale@toplist[2].txt (ID = 3557)
    09:39: Found Spy Cookie: tribalfusion cookie
    09:39: dale@tribalfusion[1].txt (ID = 3589)
    09:39: Found Spy Cookie: webpower cookie
    09:39: dale@webpower[2].txt (ID = 3660)
    09:39: dale@windows.about[2].txt (ID = 2038)
    09:39: dale@www.cdfreaks[1].txt (ID = 2371)
    09:39: dale@www.go[1].txt (ID = 2729)
    09:39: dale@www.mrskin[1].txt (ID = 3021)
    09:39: Found Spy Cookie: surveys cookie
    09:39: dale@www.surveys[2].txt (ID = 3474)
    09:39: Found Spy Cookie: xiti cookie
    09:39: dale@xiti[1].txt (ID = 3717)
    09:39: Found Spy Cookie: yadro cookie
    09:39: dale@yadro[2].txt (ID = 3743)
    09:39: Found Spy Cookie: zedo cookie
    09:39: dale@zedo[2].txt (ID = 3762)
    09:39: Cookie Sweep Complete, Elapsed Time: 00:00:11
    09:39: Starting File Sweep
    09:42: Found Adware: azsearch toolbar
    09:42: azebar.xml (ID = 107190)
    09:43: ustart.exe (ID = 161346)
    09:43: ~ustart.exe (ID = 161346)
    09:44: Found System Monitor: user monitor
    09:44: usermonitor17.exe (ID = 82110)
    09:52: Found Adware: 180search assistant/zango
    09:52: npclntax.dll (ID = 146239)
    09:52: Found Adware: trendy search toolbar
    09:52: icons.bmp (ID = 79756)
    09:52: azesearch.inf (ID = 50329)
    09:52: npclntax.xpt (ID = 146238)
    09:53: File Sweep Complete, Elapsed Time: 00:13:29
    09:53: Full Sweep has completed. Elapsed time 00:15:54
    09:53: Traces Found: 78
    09:53: Removal process initiated
    09:53: Quarantining All Traces: 180search assistant/zango
    09:53: Quarantining All Traces: user monitor
    09:53: Quarantining All Traces: azsearch toolbar
    09:53: Quarantining All Traces: systemprocess
    09:53: Quarantining All Traces: trendy search toolbar
    09:53: Quarantining All Traces: winad
    09:53: Quarantining All Traces: 2o7.net cookie
    09:53: Quarantining All Traces: 64.62.232 cookie
    09:53: Quarantining All Traces: a cookie
    09:53: Quarantining All Traces: about cookie
    09:53: Quarantining All Traces: adbureau cookie
    09:53: Quarantining All Traces: adlegend cookie
    09:53: Quarantining All Traces: adrevservice cookie
    09:53: Quarantining All Traces: adtech cookie
    09:53: Quarantining All Traces: advertising cookie
    09:53: Quarantining All Traces: atlas dmt cookie
    09:53: Quarantining All Traces: atwola cookie
    09:53: Quarantining All Traces: belnk cookie
    09:53: Quarantining All Traces: bluestreak cookie
    09:53: Quarantining All Traces: bravenet cookie
    09:53: Quarantining All Traces: cc214142 cookie
    09:53: Quarantining All Traces: ccbill cookie
    09:53: Quarantining All Traces: cd freaks cookie
    09:53: Quarantining All Traces: clickbank cookie
    09:53: Quarantining All Traces: customer cookie
    09:53: Quarantining All Traces: did-it cookie
    09:53: Quarantining All Traces: exitexchange cookie
    09:53: Quarantining All Traces: falkag cookie
    09:53: Quarantining All Traces: gamespy cookie
    09:53: Quarantining All Traces: go.com cookie
    09:53: Quarantining All Traces: hbmediapro cookie
    09:53: Quarantining All Traces: herfirstlesbiansex cookie
    09:53: Quarantining All Traces: hotbar cookie
    09:53: Quarantining All Traces: howstuffworks cookie
    09:53: Quarantining All Traces: mrskin cookie
    09:53: Quarantining All Traces: offeroptimizer cookie
    09:53: Quarantining All Traces: outster cookie
    09:53: Quarantining All Traces: pointroll cookie
    09:53: Quarantining All Traces: pricegrabber cookie
    09:53: Quarantining All Traces: primaryads cookie
    09:53: Quarantining All Traces: questionmarket cookie
    09:53: Quarantining All Traces: servedby advertising cookie
    09:53: Quarantining All Traces: serving-sys cookie
    09:53: Quarantining All Traces: surveys cookie
    09:53: Quarantining All Traces: techtarget cookie
    09:53: Quarantining All Traces: toplist cookie
    09:53: Quarantining All Traces: touchclarity cookie
    09:53: Quarantining All Traces: tribalfusion cookie
    09:53: Quarantining All Traces: webpower cookie
    09:53: Quarantining All Traces: webtrendslive cookie
    09:53: Quarantining All Traces: xiti cookie
    09:53: Quarantining All Traces: yadro cookie
    09:53: Quarantining All Traces: zedo cookie
    09:54: Removal process completed. Elapsed time 00:00:25
    ********
    08:47: | Start of Session, 11 November 2005 |
    08:47: Spy Sweeper started
    09:37: Your spyware definitions have been updated.
    09:37: | End of Session, 11 November 2005 |
  5. 11-11-2005  #14
    Neal
    Neal is offline Dedicated Member
    Thanks, well spysweeper found some fairly serious adware.

    How is your computer behaving now?

    If no improvement, then I have gone about as far as I can go, your computer is clean.
  6. 13-11-2005  #15
    uncleramsay
    uncleramsay is offline Junior Member
    Thanks for all your help on this.
    Unfortunately I am still having the same problems. Particularly that I cannot get Google Earth to work at all.

    You mentioned earlier that it may be a hardware problem. If it was something to do with my RAM or other hardware, are there any diagnostic tests that I could run to see?

    Thanks again....
  7. 14-11-2005  #16
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    Hi,

    Why don't you go on over to the xp help section of this forum and see if they can help you.

    I've gone thru those logs 3 times and I am not seeing anything.

    XPHELP

    At least we got rid of some stuff on your computer.

    Thanks.
+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
« Virtumonde | Another Hijack this log »