View Full Version : Help with zlob active x object/video access
lioncaller
2007-06-02, 19:49
Hello... I had series of fake alert, browser redirection, popup, etc problems. After running eTrust anti spyware and also Spybot in safe mode, I seem to be down to just one fake alert with an alternating yellow caution symbol and a blue circle with a yellow x, down in my services bar. Balloons pop up saying I'm infected with spyware and/or a trojan, and to click the balloon for help. Of course, if I do I go to a site that sells malware.
Symantec found spylocked, but said it was removed and a scan said my system was clear. Spybot says all problems are fixed. eTrust says it detected a billion bad things and I should buy their software to fix them (which sounds disturbingly similar to the pitches made by SpyLocked, SpyHeal, et al). Incidentally, regarding eTrust, when I tried to run an anti irus scan off their website, I did get a message in red saying I needed Active X objects, but there were no hot links and no clear way to download them. In fact, I didn't see any free antivisus downloads on their site, just some antispyware and optimization stuff. I also don't like how a browser automatically launches and goes to the eTrust homepage on startup now. FWIW.
One question I have is whether there's a way in Symantec to turn off a user-granted permission that allows a bad exe to access the internet. I can find in the Symantec log where the housesitter turned it on (she claims it was the recommended action on the Symantec prompt, and I wouldn't be surprised). Not likely to get any support from Symantec on this issue.
I so much appreciate the support. Donating now. (I think I did when I first got Spybot as well) :) Below are the eTrust antispyware and HJT logs. The eTrust log generated as an Excel file, not sure why. I tried copying it into Wordpad but I'm not sure it's any better. The date is 5/31, but I haven't used the machine since then; ran out of time that day.
Thanks again
lioncaller
2007-06-02, 19:53
eTrust PestPatrol Log Report
This report was generated on: 5/31/2007-8:08:14 PM
5/31/2007-8:06:23 PM Detected ticketmaster.com Tracking Cookie Cookie "claudia@ads.as4x.tmcs.ticketmaster[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ads.as4x.tmcs.ticketmaster[1].txt" 582224808
5/31/2007-8:06:23 PM Detected tmcs.net Tracking Cookie Cookie "claudia@ads.as4x.tmcs[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ads.as4x.tmcs[2].txt" 1628586046
5/31/2007-8:06:23 PM Detected PointRoll.com Tracking Cookie Cookie "claudia@ads.pointroll[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ads.pointroll[2].txt" 964401647
5/31/2007-8:06:23 PM Detected revsci.net Tracking Cookie Cookie "claudia@ads.revsci[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ads.revsci[1].txt" 120323602
5/31/2007-8:06:23 PM Detected scripps.com Tracking Cookie Cookie "claudia@adsremote.scripps[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@adsremote.scripps[1].txt" 2143666011
5/31/2007-8:06:23 PM Detected adultrevenueservice.com Tracking Cookie Cookie "claudia@adultrevenueservice[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@adultrevenueservice[1].txt" 277738416
5/31/2007-8:06:23 PM Detected webmd.com Tracking Cookie Cookie "claudia@adv.webmd[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@adv.webmd[1].txt" 2104875524
5/31/2007-8:06:23 PM Detected activemeter.com Tracking Cookie Cookie "claudia@am1.activemeter[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@am1.activemeter[2].txt" 915701089
5/31/2007-8:06:23 PM Detected Falkag Tracking Cookie Cookie "claudia@as-us.falkag[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@as-us.falkag[1].txt" -1305056767
5/31/2007-8:06:23 PM Detected AtlasDMT.com Tracking Cookie Cookie "claudia@atdmt[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@atdmt[1].txt" -1433681329
5/31/2007-8:06:23 PM Detected atwola.com Tracking Cookie Cookie "claudia@atwola[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@atwola[1].txt" -222633393
5/31/2007-8:06:23 PM Detected ipro.com Tracking Cookie Cookie "claudia@content.ipro[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@content.ipro[1].txt" 470846537
5/31/2007-8:06:23 PM Detected monster.com Tracking Cookie Cookie "claudia@cookie.monster[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@cookie.monster[1].txt" 2010251851
5/31/2007-8:06:23 PM Detected cpvfeed.com Tracking Cookie Cookie "claudia@cpvfeed[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@cpvfeed[1].txt" -14803448
5/31/2007-8:06:23 PM Detected Data.Coremetrics.com Tracking Cookie Cookie "claudia@data.coremetrics[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@data.coremetrics[1].txt" -787798260
5/31/2007-8:06:23 PM Detected myspace.com Tracking Cookie Cookie "claudia@delb.myspace[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@delb.myspace[1].txt" -493083583
5/31/2007-8:06:23 PM Detected digitalhealthcare.com Tracking Cookie Cookie "claudia@digitalhealthcare[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@digitalhealthcare[1].txt" -1324950851
5/31/2007-8:06:23 PM Detected Edge.ru4 Tracking Cookie Cookie "claudia@edge.ru4[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@edge.ru4[2].txt" -935801004
5/31/2007-8:06:23 PM Detected Exitexchange Tracking Cookie Cookie "claudia@exitexchange[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@exitexchange[2].txt" -2121312933
5/31/2007-8:06:23 PM Detected expedia.com Tracking Cookie Cookie "claudia@expedia[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@expedia[2].txt" 391068586
5/31/2007-8:06:23 PM Detected lycos.com Tracking Cookie Cookie "claudia@hb.lycos[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@hb.lycos[1].txt" 1851855570
5/31/2007-8:06:23 PM Detected gemius.pl Tracking Cookie Cookie "claudia@hit.gemius[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@hit.gemius[1].txt" 133317031
5/31/2007-8:06:23 PM Detected stat.pl Tracking Cookie Cookie "claudia@hit.stat[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@hit.stat[2].txt" -1396661146
5/31/2007-8:06:23 PM Detected gureport.co.uk Tracking Cookie Cookie "claudia@hits.gureport.co[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@hits.gureport.co[1].txt" 1393610101
5/31/2007-8:06:23 PM Detected icio.us Tracking Cookie Cookie "claudia@icio[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@icio[1].txt" 315039047
lioncaller
2007-06-02, 19:55
5/31/2007-8:03:22 PM Detected insightexpressai.com Tracking Cookie Cookie "claudia@insightexpressai[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@insightexpressai[1].txt" -1887186446
5/31/2007-8:03:22 PM Detected insightexpress.com Tracking Cookie Cookie "claudia@insightexpress[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@insightexpress[2].txt" 1074393618
5/31/2007-8:03:22 PM Detected interclick.com Tracking Cookie Cookie "claudia@interclick[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@interclick[1].txt" 438936263
5/31/2007-8:03:22 PM Detected kanoodle.com Tracking Cookie Cookie "claudia@kanoodle[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@kanoodle[2].txt" 1515850650
5/31/2007-8:03:22 PM Detected hitsprocessor.com Tracking Cookie Cookie "claudia@loc1.hitsprocessor[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@loc1.hitsprocessor[2].txt" 1317108418
5/31/2007-8:03:22 PM Detected lycos.com Tracking Cookie Cookie "claudia@lycos[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@lycos[2].txt" 1458450945
5/31/2007-8:03:22 PM Detected webtrends.com Tracking Cookie Cookie "claudia@m.webtrends[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@m.webtrends[2].txt" -234725573
5/31/2007-8:03:22 PM Detected Mail.ru Tracking Cookie Cookie "claudia@mail[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@mail[1].txt" 961801421
5/31/2007-8:03:22 PM Detected marketwatch.com Tracking Cookie Cookie "claudia@marketwatch[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@marketwatch[2].txt" 1640964284
5/31/2007-8:03:23 PM Detected medianewsgroup.com Tracking Cookie Cookie "claudia@medianewsgroup[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@medianewsgroup[2].txt" 1768599880
5/31/2007-8:03:23 PM Detected Mediaplex.com Tracking Cookie Cookie "claudia@mediaplex[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@mediaplex[1].txt" 1444566907
5/31/2007-8:03:23 PM Detected 2o7.net Tracking Cookie Cookie "claudia@msnportal.112.2o7[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@msnportal.112.2o7[1].txt" -386019833
5/31/2007-8:03:23 PM Detected mybloglog.com Tracking Cookie Cookie "claudia@mybloglog[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@mybloglog[1].txt" -828388623
5/31/2007-8:03:23 PM Detected nbcuni.com Tracking Cookie Cookie "claudia@nbcuni[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@nbcuni[1].txt" -851594405
5/31/2007-8:03:23 PM Detected nextag.com Tracking Cookie Cookie "claudia@nextag[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@nextag[1].txt" 2021628288
5/31/2007-8:03:24 PM Detected webmd.com Tracking Cookie Cookie "claudia@o.webmd[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@o.webmd[1].txt" 853669306
5/31/2007-8:03:24 PM Detected advertserve.com Tracking Cookie Cookie "claudia@observer.advertserve[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@observer.advertserve[1].txt" 2119108865
5/31/2007-8:03:24 PM Detected One-Time-Offer Tracking Cookie Cookie "claudia@one-time-offer[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@one-time-offer[1].txt" 1026640909
5/31/2007-8:03:24 PM Detected onet.pl Tracking Cookie Cookie "claudia@onet[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@onet[1].txt" 724704808
5/31/2007-8:03:24 PM Detected partner2profit.com Tracking Cookie Cookie "claudia@partner2profit[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@partner2profit[1].txt" 1989957811
5/31/2007-8:03:24 PM Detected qnsr.com Tracking Cookie Cookie "claudia@qnsr[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@qnsr[1].txt" 1000792723
5/31/2007-8:03:24 PM Detected quantserve.com Tracking Cookie Cookie "claudia@quantserve[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@quantserve[1].txt" -2112601089
5/31/2007-8:03:24 PM Detected QuestionMarket.com Tracking Cookie Cookie "claudia@questionmarket[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@questionmarket[2].txt" 1589985302
5/31/2007-8:03:24 PM Detected RealMedia.com Tracking Cookie Cookie "claudia@realmedia[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@realmedia[2].txt" 1836517084
5/31/2007-8:03:24 PM Detected register.com Tracking Cookie Cookie "claudia@register[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@register[1].txt" -1286234851
5/31/2007-8:03:24 PM Detected revsci.net Tracking Cookie Cookie "claudia@revsci[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@revsci[1].txt" 1800920786
5/31/2007-8:03:24 PM Detected scrippsnetworksprivacy.com Tracking Cookie Cookie "claudia@scrippsnetworksprivacy[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@scrippsnetworksprivacy[2].txt" 408728625
5/31/2007-8:03:24 PM Detected scripps.com Tracking Cookie Cookie "claudia@scripps[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@scripps[1].txt" -1687613894
5/31/2007-8:03:24 PM Detected information.com Tracking Cookie Cookie "claudia@searchportal.information[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@searchportal.information[1].txt" -593673569
5/31/2007-8:03:24 PM Detected Ads.SpecificClick.com Tracking Cookie Cookie "claudia@specificclick[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@specificclick[1].txt" 1301486546
5/31/2007-8:03:24 PM Detected netflame.cc Tracking Cookie Cookie "claudia@ssl-hints.netflame[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ssl-hints.netflame[2].txt" 357667335
5/31/2007-8:03:24 PM Detected suitesmart.com Tracking Cookie Cookie "claudia@suitesmart[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@suitesmart[2].txt" 1673461607
5/31/2007-8:03:24 PM Detected WurldMedia.com Tracking Cookie Cookie "claudia@superstats[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@superstats[2].txt" -317298436
5/31/2007-8:03:24 PM Detected Tacoda cookie Tracking Cookie Cookie "claudia@tacoda[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@tacoda[2].txt" 1812308239
5/31/2007-8:03:24 PM Detected theonion.com Tracking Cookie Cookie "claudia@theonion[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@theonion[2].txt" 1993908146
5/31/2007-8:03:24 PM Detected TrafficMarketplace Tracking Cookie Cookie "claudia@trafficmp[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@trafficmp[1].txt" 320322615
5/31/2007-8:03:24 PM Detected Travelocity.com Tracking Cookie Cookie "claudia@travelocity[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@travelocity[1].txt" -134064734
5/31/2007-8:03:24 PM Detected TribalFusion.com Tracking Cookie Cookie "claudia@tribalfusion[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@tribalfusion[1].txt" 120321845
5/31/2007-8:03:24 PM Detected unicast.com Tracking Cookie Cookie "claudia@unicast[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@unicast[1].txt" -1448835292
5/31/2007-8:03:24 PM Detected untd.com Tracking Cookie Cookie "claudia@untd[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@untd[1].txt" -1670108547
5/31/2007-8:03:24 PM Detected venere.com Tracking Cookie Cookie "claudia@venere[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@venere[2].txt" 1859613848
5/31/2007-8:03:24 PM Detected venere.com Tracking Cookie Cookie "claudia@venere[3].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@venere[3].txt" 1840268329
5/31/2007-8:03:24 PM Detected washingtonpost.com Tracking Cookie Cookie "claudia@washingtonpost[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@washingtonpost[2].txt" 361032130
5/31/2007-8:03:24 PM Detected web-stat.com Tracking Cookie Cookie "claudia@web-stat[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@web-stat[2].txt" 1079084402
5/31/2007-8:03:24 PM Detected webpower.com Tracking Cookie Cookie "claudia@webpower[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@webpower[1].txt" -1210293156
5/31/2007-8:03:24 PM Detected webstat.net Tracking Cookie Cookie "claudia@webstat[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@webstat[1].txt" 103831522
5/31/2007-8:03:25 PM Detected whitepages.com Tracking Cookie Cookie "claudia@whitepages[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@whitepages[1].txt" 1570117998
5/31/2007-8:03:25 PM Detected winantivirus.com Tracking Cookie Cookie "claudia@winantivirus[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@winantivirus[2].txt" -658600056
5/31/2007-8:03:25 PM Detected ticketmaster.com Tracking Cookie Cookie "claudia@wt.ticketmaster[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@wt.ticketmaster[2].txt" -1759735008
5/31/2007-8:03:25 PM Detected 0stats.com Tracking Cookie Cookie "claudia@www.0stats[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.0stats[1].txt" 1247090364
5/31/2007-8:03:25 PM Detected burstbeacon.com Tracking Cookie Cookie "claudia@www.burstbeacon[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.burstbeacon[2].txt" -1338791636
5/31/2007-8:03:25 PM Detected cars.com Tracking Cookie Cookie "claudia@www.cars[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.cars[1].txt" 1319276531
5/31/2007-8:03:25 PM Detected revresda.com Tracking Cookie Cookie "claudia@www.revresda[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.revresda[1].txt" 1952582606
5/31/2007-8:03:25 PM Detected w3counter.com Tracking Cookie Cookie "claudia@www.w3counter[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.w3counter[2].txt" 15902226
5/31/2007-8:03:25 PM Detected winantivirus.com Tracking Cookie Cookie "claudia@www.winantivirus[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.winantivirus[1].txt" 1628853025
lioncaller
2007-06-02, 19:56
5/31/2007-8:03:25 PM Detected XXXCounter.com Tracking Cookie Cookie "claudia@xxxcounter[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@xxxcounter[1].txt" -1698282659
5/31/2007-8:03:27 PM Detected Nuvens Trojan Folder "c:\program files\video activex access" -1
5/31/2007-8:03:27 PM Detected Nuvens Trojan File "c:\documents and settings\claudia\favorites\online security test.url" 1553773647
5/31/2007-8:06:22 PM Detected Spax AX Trojan Key "hkey_local_machine \software\microsoft\windows\currentversion\uninstall\windows safety alert" -1
5/31/2007-8:06:23 PM Detected Moiling Trojan Key "hkey_local_machine \software\microsoft\windows\currentversion\policies\explorer\run" value "rare" -1
5/31/2007-8:06:23 PM Detected Puper Trojan Key "hkey_local_machine \software\microsoft\windows\currentversion\policies\explorer\run" value "user32.dll" -1
5/31/2007-8:06:23 PM Detected Nuvens Trojan Key "hkey_current_user \software\security tools" value "path" data "c:\program files\video activex access" -1
5/31/2007-8:06:23 PM Detected rtcode.com Tracking Cookie Cookie "claudia@11.rtcode[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@11.rtcode[2].txt" 2117826651
5/31/2007-8:06:23 PM Detected 247RealMedia.com Tracking Cookie Cookie "claudia@247realmedia[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@247realmedia[1].txt" -1786828497
5/31/2007-8:06:23 PM Detected 2o7.net Tracking Cookie Cookie "claudia@2o7[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@2o7[1].txt" 2023184953
5/31/2007-8:06:23 PM Detected adbrite.com Tracking Cookie Cookie "claudia@adbrite[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@adbrite[2].txt" -1596776654
5/31/2007-8:06:23 PM Detected adhostingsolutions.com Tracking Cookie Cookie "claudia@adhostingsolutions[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@adhostingsolutions[1].txt" -2017940798
5/31/2007-8:06:23 PM Detected euroclick.com Tracking Cookie Cookie "claudia@adopt.euroclick[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@adopt.euroclick[2].txt" 1974584041
5/31/2007-8:06:23 PM Detected specificclick.net Tracking Cookie Cookie "claudia@adopt.specificclick[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@adopt.specificclick[1].txt" -552566849
5/31/2007-8:06:23 PM Detected addynamix.com Tracking Cookie Cookie "claudia@ads.addynamix[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ads.addynamix[1].txt" -1647310602
5/31/2007-8:06:23 PM Detected ticketmaster.com Tracking Cookie Cookie "claudia@ads.as4x.tmcs.ticketmaster[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ads.as4x.tmcs.ticketmaster[1].txt" 582224808
5/31/2007-8:06:23 PM Detected tmcs.net Tracking Cookie Cookie "claudia@ads.as4x.tmcs[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ads.as4x.tmcs[2].txt" 1628586046
5/31/2007-8:06:23 PM Detected PointRoll.com Tracking Cookie Cookie "claudia@ads.pointroll[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ads.pointroll[2].txt" 964401647
5/31/2007-8:06:23 PM Detected revsci.net Tracking Cookie Cookie "claudia@ads.revsci[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ads.revsci[1].txt" 120323602
5/31/2007-8:06:23 PM Detected scripps.com Tracking Cookie Cookie "claudia@adsremote.scripps[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@adsremote.scripps[1].txt" 2143666011
5/31/2007-8:06:23 PM Detected adultrevenueservice.com Tracking Cookie Cookie "claudia@adultrevenueservice[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@adultrevenueservice[1].txt" 277738416
5/31/2007-8:06:23 PM Detected webmd.com Tracking Cookie Cookie "claudia@adv.webmd[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@adv.webmd[1].txt" 2104875524
5/31/2007-8:06:23 PM Detected activemeter.com Tracking Cookie Cookie "claudia@am1.activemeter[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@am1.activemeter[2].txt" 915701089
5/31/2007-8:06:23 PM Detected Falkag Tracking Cookie Cookie "claudia@as-us.falkag[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@as-us.falkag[1].txt" -1305056767
5/31/2007-8:06:23 PM Detected AtlasDMT.com Tracking Cookie Cookie "claudia@atdmt[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@atdmt[1].txt" -1433681329
5/31/2007-8:06:23 PM Detected atwola.com Tracking Cookie Cookie "claudia@atwola[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@atwola[1].txt" -222633393
5/31/2007-8:06:23 PM Detected ipro.com Tracking Cookie Cookie "claudia@content.ipro[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@content.ipro[1].txt" 470846537
5/31/2007-8:06:23 PM Detected monster.com Tracking Cookie Cookie "claudia@cookie.monster[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@cookie.monster[1].txt" 2010251851
5/31/2007-8:06:23 PM Detected cpvfeed.com Tracking Cookie Cookie "claudia@cpvfeed[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@cpvfeed[1].txt" -14803448
5/31/2007-8:06:23 PM Detected Data.Coremetrics.com Tracking Cookie Cookie "claudia@data.coremetrics[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@data.coremetrics[1].txt" -787798260
5/31/2007-8:06:23 PM Detected myspace.com Tracking Cookie Cookie "claudia@delb.myspace[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@delb.myspace[1].txt" -493083583
5/31/2007-8:06:23 PM Detected digitalhealthcare.com Tracking Cookie Cookie "claudia@digitalhealthcare[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@digitalhealthcare[1].txt" -1324950851
5/31/2007-8:06:23 PM Detected Edge.ru4 Tracking Cookie Cookie "claudia@edge.ru4[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@edge.ru4[2].txt" -935801004
5/31/2007-8:06:23 PM Detected Exitexchange Tracking Cookie Cookie "claudia@exitexchange[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@exitexchange[2].txt" -2121312933
5/31/2007-8:06:23 PM Detected expedia.com Tracking Cookie Cookie "claudia@expedia[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@expedia[2].txt" 391068586
5/31/2007-8:06:23 PM Detected lycos.com Tracking Cookie Cookie "claudia@hb.lycos[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@hb.lycos[1].txt" 1851855570
5/31/2007-8:06:23 PM Detected gemius.pl Tracking Cookie Cookie "claudia@hit.gemius[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@hit.gemius[1].txt" 133317031
5/31/2007-8:06:23 PM Detected stat.pl Tracking Cookie Cookie "claudia@hit.stat[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@hit.stat[2].txt" -1396661146
5/31/2007-8:06:23 PM Detected gureport.co.uk Tracking Cookie Cookie "claudia@hits.gureport.co[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@hits.gureport.co[1].txt" 1393610101
5/31/2007-8:06:23 PM Detected icio.us Tracking Cookie Cookie "claudia@icio[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@icio[1].txt" 315039047
5/31/2007-8:06:23 PM Detected insightexpressai.com Tracking Cookie Cookie "claudia@insightexpressai[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@insightexpressai[1].txt" -18871864465/31/2007-8:06:23 PM Detected insightexpress.com Tracking Cookie Cookie "claudia@insightexpress[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@insightexpress[2].txt" 1074393618
5/31/2007-8:06:23 PM Detected interclick.com Tracking Cookie Cookie "claudia@interclick[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@interclick[1].txt" 438936263
5/31/2007-8:06:23 PM Detected kanoodle.com Tracking Cookie Cookie "claudia@kanoodle[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@kanoodle[2].txt" 1515850650
5/31/2007-8:06:23 PM Detected hitsprocessor.com Tracking Cookie Cookie "claudia@loc1.hitsprocessor[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@loc1.hitsprocessor[2].txt" 1317108418
5/31/2007-8:06:23 PM Detected lycos.com Tracking Cookie Cookie "claudia@lycos[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@lycos[2].txt" 1458450945
5/31/2007-8:06:23 PM Detected webtrends.com Tracking Cookie Cookie "claudia@m.webtrends[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@m.webtrends[2].txt" -234725573
5/31/2007-8:06:23 PM Detected Mail.ru Tracking Cookie Cookie "claudia@mail[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@mail[1].txt" 961801421
5/31/2007-8:06:23 PM Detected marketwatch.com Tracking Cookie Cookie "claudia@marketwatch[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@marketwatch[2].txt" 1640964284
5/31/2007-8:06:23 PM Detected medianewsgroup.com Tracking Cookie Cookie "claudia@medianewsgroup[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@medianewsgroup[2].txt" 1768599880
5/31/2007-8:06:23 PM Detected Mediaplex.com Tracking Cookie Cookie "claudia@mediaplex[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@mediaplex[1].txt" 1444566907
5/31/2007-8:06:23 PM Detected 2o7.net Tracking Cookie Cookie "claudia@msnportal.112.2o7[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@msnportal.112.2o7[1].txt" -386019833
5/31/2007-8:06:23 PM Detected mybloglog.com Tracking Cookie Cookie "claudia@mybloglog[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@mybloglog[1].txt" -828388623
5/31/2007-8:06:23 PM Detected nbcuni.com Tracking Cookie Cookie "claudia@nbcuni[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@nbcuni[1].txt" -851594405
5/31/2007-8:06:23 PM Detected nextag.com Tracking Cookie Cookie "claudia@nextag[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@nextag[1].txt" 2021628288
5/31/2007-8:06:23 PM Detected webmd.com Tracking Cookie Cookie "claudia@o.webmd[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@o.webmd[1].txt" 853669306
5/31/2007-8:06:24 PM Detected advertserve.com Tracking Cookie Cookie "claudia@observer.advertserve[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@observer.advertserve[1].txt" 2119108865
5/31/2007-8:06:24 PM Detected One-Time-Offer Tracking Cookie Cookie "claudia@one-time-offer[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@one-time-offer[1].txt" 1026640909
5/31/2007-8:06:24 PM Detected onet.pl Tracking Cookie Cookie "claudia@onet[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@onet[1].txt" 724704808
5/31/2007-8:06:24 PM Detected partner2profit.com Tracking Cookie Cookie "claudia@partner2profit[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@partner2profit[1].txt" 1989957811
5/31/2007-8:06:24 PM Detected qnsr.com Tracking Cookie Cookie "claudia@qnsr[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@qnsr[1].txt" 1000792723
5/31/2007-8:06:24 PM Detected quantserve.com Tracking Cookie Cookie "claudia@quantserve[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@quantserve[1].txt" -2112601089
5/31/2007-8:06:24 PM Detected QuestionMarket.com Tracking Cookie Cookie "claudia@questionmarket[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@questionmarket[2].txt" 1589985302
5/31/2007-8:06:24 PM Detected RealMedia.com Tracking Cookie Cookie "claudia@realmedia[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@realmedia[2].txt" 1836517084
5/31/2007-8:06:24 PM Detected register.com Tracking Cookie Cookie "claudia@register[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@register[1].txt" -1286234851
5/31/2007-8:06:24 PM Detected revsci.net Tracking Cookie Cookie "claudia@revsci[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@revsci[1].txt" 1800920786
5/31/2007-8:06:24 PM Detected scrippsnetworksprivacy.com Tracking Cookie Cookie "claudia@scrippsnetworksprivacy[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@scrippsnetworksprivacy[2].txt" 408728625
5/31/2007-8:06:24 PM Detected scripps.com Tracking Cookie Cookie "claudia@scripps[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@scripps[1].txt" -1687613894
5/31/2007-8:06:24 PM Detected information.com Tracking Cookie Cookie "claudia@searchportal.information[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@searchportal.information[1].txt" -593673569
5/31/2007-8:06:24 PM Detected Ads.SpecificClick.com Tracking Cookie Cookie "claudia@specificclick[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@specificclick[1].txt" 1301486546
5/31/2007-8:06:24 PM Detected netflame.cc Tracking Cookie Cookie "claudia@ssl-hints.netflame[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ssl-hints.netflame[2].txt" 357667335
5/31/2007-8:06:24 PM Detected suitesmart.com Tracking Cookie Cookie "claudia@suitesmart[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@suitesmart[2].txt" 1673461607
5/31/2007-8:06:24 PM Detected WurldMedia.com Tracking Cookie Cookie "claudia@superstats[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@superstats[2].txt" -317298436
5/31/2007-8:06:24 PM Detected Tacoda cookie Tracking Cookie Cookie "claudia@tacoda[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@tacoda[2].txt" 1812308239
5/31/2007-8:06:24 PM Detected theonion.com Tracking Cookie Cookie "claudia@theonion[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@theonion[2].txt" 1993908146
5/31/2007-8:06:24 PM Detected TrafficMarketplace Tracking Cookie Cookie "claudia@trafficmp[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@trafficmp[1].txt" 320322615
5/31/2007-8:06:24 PM Detected Travelocity.com Tracking Cookie Cookie "claudia@travelocity[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@travelocity[1].txt" -134064734
5/31/2007-8:06:24 PM Detected TribalFusion.com Tracking Cookie Cookie "claudia@tribalfusion[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@tribalfusion[1].txt" 120321845
5/31/2007-8:06:24 PM Detected unicast.com Tracking Cookie Cookie "claudia@unicast[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@unicast[1].txt" -1448835292
5/31/2007-8:06:24 PM Detected untd.com Tracking Cookie Cookie "claudia@untd[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@untd[1].txt" -1670108547
5/31/2007-8:06:24 PM Detected venere.com Tracking Cookie Cookie "claudia@venere[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@venere[2].txt" 1859613848
5/31/2007-8:06:24 PM Detected venere.com Tracking Cookie Cookie "claudia@venere[3].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@venere[3].txt" 1840268329
5/31/2007-8:06:24 PM Detected washingtonpost.com Tracking Cookie Cookie "claudia@washingtonpost[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@washingtonpost[2].txt" 361032130
5/31/2007-8:06:24 PM Detected web-stat.com Tracking Cookie Cookie "claudia@web-stat[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@web-stat[2].txt" 1079084402
5/31/2007-8:06:24 PM Detected webpower.com Tracking Cookie Cookie "claudia@webpower[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@webpower[1].txt" -1210293156
5/31/2007-8:06:24 PM Detected webstat.net Tracking Cookie Cookie "claudia@webstat[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@webstat[1].txt" 103831522
5/31/2007-8:06:24 PM Detected whitepages.com Tracking Cookie Cookie "claudia@whitepages[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@whitepages[1].txt" 1570117998
5/31/2007-8:06:24 PM Detected winantivirus.com Tracking Cookie Cookie "claudia@winantivirus[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@winantivirus[2].txt" -658600056
5/31/2007-8:06:24 PM Detected ticketmaster.com Tracking Cookie Cookie "claudia@wt.ticketmaster[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@wt.ticketmaster[2].txt" -1759735008
5/31/2007-8:06:24 PM Detected 0stats.com Tracking Cookie Cookie "claudia@www.0stats[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.0stats[1].txt" 1247090364
5/31/2007-8:06:24 PM Detected burstbeacon.com Tracking Cookie Cookie "claudia@www.burstbeacon[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.burstbeacon[2].txt" -1338791636
5/31/2007-8:06:24 PM Detected cars.com Tracking Cookie Cookie "claudia@www.cars[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.cars[1].txt" 1319276531
5/31/2007-8:06:24 PM Detected revresda.com Tracking Cookie Cookie "claudia@www.revresda[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.revresda[1].txt" 1952582606
5/31/2007-8:06:24 PM Detected w3counter.com Tracking Cookie Cookie "claudia@www.w3counter[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.w3counter[2].txt" 15902226
5/31/2007-8:06:24 PM Detected winantivirus.com Tracking Cookie Cookie "claudia@www.winantivirus[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@www.winantivirus[1].txt" 1628853025
5/31/2007-8:06:24 PM Detected XXXCounter.com Tracking Cookie Cookie "claudia@xxxcounter[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@xxxcounter[1].txt" -1698282659
5/31/2007-8:06:24 PM Detected Nuvens Trojan Folder "c:\program files\video activex access" -1
5/31/2007-8:06:24 PM Detected Nuvens Trojan File "c:\documents and settings\claudia\favorites\online security test.url" 1553773647
5/31/2007-8:07:06 PM Deleted 247RealMedia.com Tracking Cookie Cookie "claudia@247realmedia[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@247realmedia[1].txt" -1
5/31/2007-8:07:06 PM Deleted 247RealMedia.com Tracking Cookie Cookie "claudia@247realmedia[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@247realmedia[1].txt" -1
5/31/2007-8:07:06 PM Deleted 2o7.net Tracking Cookie Cookie "claudia@2o7[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@2o7[1].txt" -1
5/31/2007-8:07:06 PM Deleted 2o7.net Tracking Cookie Cookie "claudia@msnportal.112.2o7[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@msnportal.112.2o7[1].txt" -1
5/31/2007-8:07:06 PM Deleted 2o7.net Tracking Cookie Cookie "claudia@2o7[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@2o7[1].txt" -1
5/31/2007-8:07:06 PM Deleted 2o7.net Tracking Cookie Cookie "claudia@msnportal.112.2o7[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@msnportal.112.2o7[1].txt" -1
lioncaller
2007-06-02, 19:58
5/31/2007-8:07:06 PM Deleted Ads.SpecificClick.com Tracking Cookie Cookie "claudia@specificclick[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@specificclick[1].txt" -1
5/31/2007-8:07:06 PM Deleted Ads.SpecificClick.com Tracking Cookie Cookie "claudia@specificclick[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@specificclick[1].txt" -1
5/31/2007-8:07:06 PM Deleted AtlasDMT.com Tracking Cookie Cookie "claudia@atdmt[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@atdmt[1].txt" -1
5/31/2007-8:07:06 PM Deleted AtlasDMT.com Tracking Cookie Cookie "claudia@atdmt[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@atdmt[1].txt" -1
5/31/2007-8:07:06 PM Deleted Data.Coremetrics.com Tracking Cookie Cookie "claudia@data.coremetrics[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@data.coremetrics[1].txt" -1
5/31/2007-8:07:06 PM Deleted Data.Coremetrics.com Tracking Cookie Cookie "claudia@data.coremetrics[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@data.coremetrics[1].txt" -1
5/31/2007-8:07:06 PM Deleted Exitexchange Tracking Cookie Cookie "claudia@exitexchange[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@exitexchange[2].txt" -1
5/31/2007-8:07:06 PM Deleted Exitexchange Tracking Cookie Cookie "claudia@exitexchange[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@exitexchange[2].txt" -1
5/31/2007-8:07:06 PM Deleted Falkag Tracking Cookie Cookie "claudia@as-us.falkag[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@as-us.falkag[1].txt" -1
5/31/2007-8:07:06 PM Deleted Falkag Tracking Cookie Cookie "claudia@as-us.falkag[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@as-us.falkag[1].txt" -1
5/31/2007-8:07:06 PM Deleted Mail.ru Tracking Cookie Cookie "claudia@mail[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@mail[1].txt" -1
5/31/2007-8:07:06 PM Deleted Mail.ru Tracking Cookie Cookie "claudia@mail[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@mail[1].txt" -1
5/31/2007-8:07:06 PM Deleted Mediaplex.com Tracking Cookie Cookie "claudia@mediaplex[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@mediaplex[1].txt" -1
5/31/2007-8:07:06 PM Deleted Mediaplex.com Tracking Cookie Cookie "claudia@mediaplex[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@mediaplex[1].txt" -1
5/31/2007-8:07:06 PM Deleted One-Time-Offer Tracking Cookie Cookie "claudia@one-time-offer[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@one-time-offer[1].txt" -1
5/31/2007-8:07:06 PM Deleted One-Time-Offer Tracking Cookie Cookie "claudia@one-time-offer[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@one-time-offer[1].txt" -1
5/31/2007-8:07:06 PM Deleted PointRoll.com Tracking Cookie Cookie "claudia@ads.pointroll[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ads.pointroll[2].txt" -1
5/31/2007-8:07:06 PM Deleted PointRoll.com Tracking Cookie Cookie "claudia@ads.pointroll[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@ads.pointroll[2].txt" -1
5/31/2007-8:07:06 PM Deleted QuestionMarket.com Tracking Cookie Cookie "claudia@questionmarket[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@questionmarket[2].txt" -1
5/31/2007-8:07:06 PM Deleted QuestionMarket.com Tracking Cookie Cookie "claudia@questionmarket[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@questionmarket[2].txt" -1
5/31/2007-8:07:06 PM Deleted RealMedia.com Tracking Cookie Cookie "claudia@realmedia[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@realmedia[2].txt" -1
5/31/2007-8:07:06 PM Deleted RealMedia.com Tracking Cookie Cookie "claudia@realmedia[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@realmedia[2].txt" -1
5/31/2007-8:07:06 PM Deleted Tacoda cookie Tracking Cookie Cookie "claudia@tacoda[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@tacoda[2].txt" -1
5/31/2007-8:07:06 PM Deleted Tacoda cookie Tracking Cookie Cookie "claudia@tacoda[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@tacoda[2].txt" -1
5/31/2007-8:07:06 PM Deleted TrafficMarketplace Tracking Cookie Cookie "claudia@trafficmp[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@trafficmp[1].txt" -1
5/31/2007-8:07:06 PM Deleted TrafficMarketplace Tracking Cookie Cookie "claudia@trafficmp[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@trafficmp[1].txt" -1
5/31/2007-8:07:06 PM Deleted Travelocity.com Tracking Cookie Cookie "claudia@travelocity[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@travelocity[1].txt" -1
5/31/2007-8:07:06 PM Deleted Travelocity.com Tracking Cookie Cookie "claudia@travelocity[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@travelocity[1].txt" -1
5/31/2007-8:07:06 PM Deleted TribalFusion.com Tracking Cookie Cookie "claudia@tribalfusion[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@tribalfusion[1].txt" -1
5/31/2007-8:07:06 PM Deleted TribalFusion.com Tracking Cookie Cookie "claudia@tribalfusion[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@tribalfusion[1].txt" -1
5/31/2007-8:07:06 PM Deleted WurldMedia.com Tracking Cookie Cookie "claudia@superstats[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@superstats[2].txt" -1
5/31/2007-8:07:06 PM Deleted WurldMedia.com Tracking Cookie Cookie "claudia@superstats[2].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@superstats[2].txt" -1
5/31/2007-8:07:06 PM Deleted XXXCounter.com Tracking Cookie Cookie "claudia@xxxcounter[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@xxxcounter[1].txt" -1
5/31/2007-8:07:06 PM Deleted XXXCounter.com Tracking Cookie Cookie "claudia@xxxcounter[1].txt" File "C:\Documents and Settings\claudia\Cookies\claudia@xxxcounter[1].txt" -1
***End Report***
lioncaller
2007-06-02, 19:59
Then I ran Spybot for two rounds in Safe Mode till there was nothing left in red.
Here's the HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 8:58:45 PM, on 5/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Palm\HOTSYNC.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\AOL\1132014694\ee\AOLHostManager.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\AOL\1132014694\ee\AOLServiceHost.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132014694\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
pskelley
2007-06-03, 16:10
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Understand this one was almost missed, when we look for 0 replies counts, this was 5. Reading the directions and following them would help you avoid this.
For your information:
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
Most of what you posted are cookies you are storing? You do know how to delete cookies...correct?
Try this information for now: http://spyware-free.us/tutorials/cleanmgr/
Make sure you look here: C:\Documents and Settings\claudia\Cookies\ Delete everything in the folder in red (NOT THE FOLDER)
http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.
Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
Post the C:\rapport.txt from Smitfraudfix.
Thanks
lioncaller
2007-06-03, 19:39
I'm sorry if I didn't follow directions--I really thought I had. In fact, it took me days to install the eTrust and HJT programs your sticky recommended, get the logs saved and get them posted here, while running Spybot serveral times in safemode in between, exactly as directed. I thought I saw the instruction to keep replying until the log was fully posted if it was too long for a single post. If there was another way to do this, it wasn't immediately obvious.
I will try to follow all your instructions above, but all I really want is to get this annoying fake alert off my tray. Thanks again.
lioncaller
2007-06-03, 20:02
Okay, Viewpt uninstalled (I know I've done that before, but maybe it got reinstalled after the IE 7 upgrade).
Can't see the cookies file; it's not under claudia.
Here's the rapport.txt:
SmitFraudFix v2.190
Scan done at 11:59:05.62, Sun 06/03/2007
Run from C:\Documents and Settings\claudia\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Palm\HOTSYNC.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\AOL\1132014694\ee\AOLHostManager.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\AOL\1132014694\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrospect.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\indwvm.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\claudia
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\claudia\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\claudia\FAVORI~1
C:\DOCUME~1\claudia\FAVORI~1\Online Security Test.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{25b7d2fd-4f71-46d1-801a-7de323e4ec82}"="equiparant"
[HKEY_CLASSES_ROOT\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}\InProcServer32]
@="C:\WINDOWS\system32\indwvm.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}\InProcServer32]
@="C:\WINDOWS\system32\indwvm.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 209.169.0.1
DNS Server Search Order: 209.169.31.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{589FA867-6707-4019-8496-FFBC463C2836}: DhcpNameServer=209.169.0.1 209.169.31.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{589FA867-6707-4019-8496-FFBC463C2836}: DhcpNameServer=209.169.0.1 209.169.31.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{589FA867-6707-4019-8496-FFBC463C2836}: DhcpNameServer=209.169.0.1 209.169.31.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=209.169.0.1 209.169.31.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=209.169.0.1 209.169.31.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=209.169.0.1 209.169.31.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
thanks again
pskelley
2007-06-03, 20:12
http://siri.geekstogo.com/SmitfraudFix.php <<< tutorial if needed
Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infect files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
Follow the directions in this link to run AVG Anti-Spyware, make sure you delete or quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165
Restart the computer and post the C:\rapport.txt from Smitfraudfix, the scan report from AVG Anti-Spyware and a new HJT log. Let me know how the computer is running now.
Thanks
lioncaller
2007-06-05, 04:16
thanks. sorry if it seems like i'm lagging but a) i have an isdn connection, which means all these downloads take forever, and b) i also work from home and don't run both computers simultaneously, so i can only work on this, my personal machine, off hours.
some other observations that might or might not be diagnostic for you: you earlier suggested that i delete the files in C:\documents and settings\claudia\cookies, and i reported that i cannot see that folder (though show hidden files is ON). however, when i was configuring my backup software to copy my data files to an ext. drive, THAT software saw that folder. FWIW. also, my address bar will not show up on win explorer (i don't mean IE), despite the fact that it IS turned ON in view/toolbars/address bar.
someone mentioned that this might mean my windows registry is "hosed."
okay. i installed AVG but have been unable to download any updates. it says the server is not ready serve, try again later. it's been saying that for a couple of days now.
also, in the middle of all this, when i logged on tonight norton popped up with a warning about downloader, a trojan. norton initially said it was unable to remove it, but eventually it told me it had deleted it.
woohoo.
anyway, here's the rapport report after running smitfraudfix to clean:
SmitFraudFix v2.190
Scan done at 19:55:00.98, Mon 06/04/2007
Run from C:\Documents and Settings\claudia\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{25b7d2fd-4f71-46d1-801a-7de323e4ec82}"="equiparant"
[HKEY_CLASSES_ROOT\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}\InProcServer32]
@="C:\WINDOWS\system32\indwvm.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}\InProcServer32]
@="C:\WINDOWS\system32\indwvm.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\claudia\FAVORI~1\Online Security Test.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{589FA867-6707-4019-8496-FFBC463C2836}: DhcpNameServer=209.169.0.1 209.169.31.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{589FA867-6707-4019-8496-FFBC463C2836}: DhcpNameServer=209.169.0.1 209.169.31.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{589FA867-6707-4019-8496-FFBC463C2836}: DhcpNameServer=209.169.0.1 209.169.31.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=209.169.0.1 209.169.31.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=209.169.0.1 209.169.31.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=209.169.0.1 209.169.31.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
lioncaller
2007-06-05, 04:20
the good news, btw, is that the video access icon/fake alert is gone from my tray!!!!
the bad news is that performance is a bit slower overall. here's the new HJT log. i didn't run AVG without the updates, but tell me if i should, or should try something else.
thanks.
Logfile of HijackThis v1.99.1
Scan saved at 8:04:42 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\Common Files\AOL\1132014694\ee\AOLHostManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1132014694\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Palm\HOTSYNC.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrospect.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132014694\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
pskelley
2007-06-05, 14:14
Thanks for returning your information and the feedback. I am going to ask you to be patient, you have a very nasty infection and it is not going to remove as easily as you got it on your computer.
Please read this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_06\ <<< out of date, download the newest version and uninstall all old versions in Add Remove Programs.
Now do this: run cleanmgr
http://spyware-free.us/tutorials/cleanmgr/
The HJT log looks clean of malware, I would like to see the results of an AVG Anti-Spyware scan. If you can't update it run it anyway using these instructions:
http://forums.security-central.us/showthread.php?t=3165
Make sure your DELETE or QUARANTINE what finds and I do not need to see all of those cookies again. If it finds all of those cookies, then make sure you delete them and them edit then from the scan report before you post it.
Thanks
lioncaller
2007-06-05, 23:06
Well, after I updated JRE I was able to download the updates for AVG.
Re the cookies...still no way to delete them as I cannot see the file folder under C:\documents and settings\claudia. A search on the C: drive under cookies, cookie, tracking and trackingcookie did not turn the folder up, either. Any thoughts on that?
Because I can't get the address bar in the explore window to show up (it's turned ON), I can't simply paste in the location, either.
Ran cleanmgr; didn't hang, so assume registry doesn't need editing?
I deleted the cookies from the log below. AVG says it cleaned them.
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:03:38 PM 6/5/2007
+ Scan result:
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP698\A0099329.dll -> Adware.Agent : Cleaned.
HKU\S-1-5-21-2223309570-2371488920-3401745623-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615D5C-5126-448A-818A-A7CDFEE85A9B} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-2223309570-2371488920-3401745623-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB} -> Adware.RogueSuspect : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0099933.dll -> Downloader.Agent.bkd : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP698\A0099331.exe -> Downloader.Zlob.azc : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP698\A0099330.exe -> Downloader.Zlob.bgs : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099559.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP696\A0099179.dll -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP696\A0099180.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP696\A0099181.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP696\A0099246.dll -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP696\A0099247.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP696\A0099248.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP697\A0099302.dll -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP697\A0099303.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP697\A0099304.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP698\A0099323.dll -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP698\A0099324.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP698\A0099325.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0099344.dll -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0099345.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0099346.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0099397.dll -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0099398.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0099399.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP700\A0099430.dll -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP700\A0099431.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP700\A0099432.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099539.dll -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099540.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099541.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099548.dll -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099549.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099550.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099556.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099557.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099558.dll -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099560.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP701\A0099561.exe -> Downloader.Zlob.btq : Cleaned.
::Report end
pskelley
2007-06-06, 00:20
Thanks for returning the information and your feedback. Is it possible these files are hidden? Follow the instructions for your Operating System:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Where did AVG say the cookies were stored, I don't like the eTrust log, hard to discern.
Here is information about cookies, how to control them and where to find them to delete them:
http://www.mvps.org/winhelp2002/cookies.htm
http://www.microsoft.com/windows/ie/using/howto/privacy/config.mspx
http://www.google.com/search?hl=en&q=how+to+delete+cookies&btnG=Google+Search
C:\System Volume Information\_restore <<< these are System Restore, follow these instructions to clean those:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam
AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
lioncaller
2007-06-07, 15:58
thanks again for all your help.
i don't think the files are hidden, or if they are, the show hidden files command is turned on, and other normally hidden files are displaying, so there must be some weird thing with the Cookies folder that makes it impossible to see. the AVG software saw it.
anyway, i'll figure that out later. thanks so much.
pskelley
2007-06-07, 16:10
Thanks for the feedback, perhaps you should scan with AVG, see if it finds cookies and see where they are?:bigthumb: The only thing I can think of is that whoever the administrator is that set up the computer, they created a new place for them to be stored that is not normal. Google cookies, plenty of information, 226,000,000 links.
As the problem appears to be resolved this topic has been closed.
If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.
Thanks