PDA

View Full Version : Persistent adware


JerryO
2006-03-11, 23:06
Hello,
Thanks in advance for your help.
Here is a HJT log after running virus scan and Spybot 1.4.
Jerry
Logfile of HijackThis v1.99.1
Scan saved at 1:52:25 PM, on 3/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\Program Files\D-Link Media Server\MediaGUI.exe
C:\Program Files\D-Link Media Server\MediaServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jerry Olson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: D-Link DSM320 Media Server.lnk = C:\Program Files\D-Link Media Server\MediaGUI.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Device Detector 2.lnk.disabled
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Media Server.lnk.disabled
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://tv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
shelf life
2006-03-13, 01:41
hi JerryO,

log dosnt look bad.

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spysp...terInstall.cab
------------------------
update and run ewido, and save the log file it generates. post the ewido log in next reply.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.

shelf life
JerryO
2006-03-13, 04:25
Ok thanks,
Here is the log:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:20:39 PM, 3/12/2006
+ Report-Checksum: 98B8B0BA

+ Scan result:

C:\!KillBox\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Jerry Olson\Application Data\Mozilla\Firefox\Profiles\msgnbfmc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@lovefreegames.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Jerry Olson\Cookies\jerry olson@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0096584.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0096586.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0096587.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP413\A0096588.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP415\A0096734.DLL -> Adware.Softomate : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP415\A0096811.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP415\A0096812.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP415\A0096813.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP415\A0096815.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\WINDOWS\SYSTEM32\qgakq.dat -> Downloader.Qoologic.ax : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup


::Report End
shelf life
2006-03-13, 05:28
hi JerryO,

good, how are things on that end? have you been to windows update lately for critical patches/updates?
JerryO
2006-03-13, 21:42
Still getting pop-ups with web nexus network listed at the bottom.PC-cillin reports unable to quarantine Troj Qoolaid.R I have prev. tried to update with sevice Pack 2 but unable to load it.I use Firefox as a browser.
Thanks again.
Jerry
shelf life
2006-03-14, 01:36
hi JerryO,

ok lets try this instead. check for updates to your antivirus and ewido. dont scan with them yet, we will do that in safe mode. you get to safe mode by tapping the f8 key during a computer restart. chose the first option safe mode. once at the safe mode desktop run ewido and your antivirus app.
after they finish, reboot computer normally pick out one or two of these and do a online scan: not all of these support using firefox, one may, if not launch IE to do the scans.

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
check AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/products/activescan?NRMODE=Published&NRORIGINALURL=%2factivescan&NRNODEGUID=%7b3B202047-35D4-4DA2-B310-B1DBEC2971F2%7d&NRCACHEHINT=Guest

Kaspersky virus scanner
http://www.kaspersky.com/virusscanner

Housecall at TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
check Auto Clean.

F-Secure virus scanner
http://support.f-secure.com/enu/home/ols.shtml

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
JerryO
2006-03-19, 19:37
Hello,
Sorry for the delay.I ran the pc-cillin and ewido in safe mode then online scan with Bitdefender and eTrust.The last scan was etrust which found and I hope eliminated a virus.I wasn`t sure if you wanted me to include any reports.
Jerry
shelf life
2006-03-19, 23:22
hi JerryO,

no need for any logs if everything is ok. you might try getting sp2 by turning the auto update feature on. to use the windows update web site you need to be using IE.

shelf life
JerryO
2006-03-19, 23:34
Hello,
Everything appears to be running well. I will try to update today.
Thanks again.
Jerry
LonnyRJones
2006-03-24, 19:03
Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
If you should need to post another log for the same PC let Me or Tashi know.

Thanks shelf life