Well, I've done all I know of



pessimistdepressionist
2006-07-20, 08:33
So I've run Norton 2006, Spybot, and Ad-Aware, and while each of them found problems, nothing has solved them all, especially that little annoying "warning icon" in the system tray. So here's my latest log file; I saw a couple that looked strange even to me, so I'm sure someone else will spot them right away.

Logfile of HijackThis v1.99.1
Scan saved at 10:06:04 PM, on 7/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\ismon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\ms0651892-18074.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Common Files\{9444790C-096B-1033-0826-040307040001}\Update.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Documents and Settings\Jayec\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [ms0651892-18074] C:\WINDOWS\ms0651892-18074.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - AppInit_DLLs:
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\System32\pmnqguh.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

teacup61
2006-07-20, 17:23
Hello pessimistdepressionist,

Welcome to Safer Networking Forums :)

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Thanks,
tea

pessimistdepressionist
2006-07-20, 20:31
Think that got it. Nosey little bastards over in Nigeria, ain't they?

Logfile of HijackThis v1.99.1
Scan saved at 10:23:41 AM, on 7/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\ms0651892-18074.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\{9444790C-096B-1033-0826-040307040001}\Update.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jayec\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [ms0651892-18074] C:\WINDOWS\ms0651892-18074.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Unfortunately I ran smit twice, so that log shows clear, but the first mentioned cleaning the four is* files and lsass.

pessimistdepressionist
2006-07-20, 20:59
... Or maybe I spoke too soon, since I'm still getting browser jacked.

Though both times I ran smit it never mentioned the wininet.dll file. Is this something I should check manually?

teacup61
2006-07-20, 22:13
Hello again,

Right, smitfraud is gone, but there are other things that need to go here.

Via Add/Remove Programs, please remove anything to do with Yazzle Sudoku.

Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)


Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [ms0651892-18074] C:\WINDOWS\ms0651892-18074.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Also, delete the following:

C:\WINDOWS\ms0651892-18074.exe
C:\Program Files\TClock <--- this folder


In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


In your reply, please post the report from Ewido and a new HijackThis log and let me know how your computer is running now. :)

Thanks
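
As an added example (not part of this thread, and not HijackThis or Ewido code): a small Python script that applies the kind of checks the helper posts above make by eye to log lines in HijackThis v1.99 layout: orphaned entries ("(no file)" / "(file missing)"), O16 ActiveX downloads from hosts outside a trusted list, O4 Run values whose executable sits directly in the Windows folder or in a GUID-named folder or is an installer, random-looking value names, plus a diff of two logs to see what a cleaning pass removed. The trusted-host list and the Windows-root allowlist are assumptions made for this page's logs.

```python
import re
from collections import namedtuple

# Constructed excerpt in HijackThis v1.99.1 layout, built from entries quoted
# in this thread; it is not a complete log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\ms0651892-18074.exe
C:\Program Files\Common Files\{9444790C-096B-1033-0826-040307040001}\Update.exe
C:\Program Files\TClock\TClock.exe

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ms0651892-18074] C:\WINDOWS\ms0651892-18074.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\System32\pmnqguh.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - .+$")          # "O4 - ..." style lines
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")     # [value name] command
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|bat|cmd|pif|dll))', re.I)
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.[a-z]{3}$", re.I)
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)

# Assumptions for this page's logs, not a general allowlist: hosts an O16
# download is expected from, and files that legitimately live in the Windows root.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "symantec.com")
WINROOT_KNOWN = {"explorer.exe", "soundman.exe"}

# section is the HijackThis code (O3, O4, ...) or PROC for a running process
Finding = namedtuple("Finding", "section line reasons")

def parse(log_text):
    """Yield (section, line) pairs; running-process paths get pseudo-section PROC."""
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False
            continue
        if in_procs:
            yield "PROC", line
        elif ENTRY_RE.match(line):
            yield line.split(" ", 1)[0], line

def dpf_host(line):
    m = re.search(r"https?://([^/\s?]+)", line)
    return m.group(1).lower() if m else ""

def trusted_host(host):
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)

def path_reasons(path):
    """Heuristics on where an auto-started executable lives."""
    reasons = []
    base = path.rsplit("\\", 1)[-1].lower()
    if WINROOT_RE.match(path) and base not in WINROOT_KNOWN:
        reasons.append("executable dropped directly into the Windows folder")
    if GUID_DIR_RE.search(path):
        reasons.append("executable runs from a GUID-named folder")
    if re.search(r"(install|setup)[^\\]*$", path, re.I):
        reasons.append("logon entry launches an installer")
    return reasons

def review(log_text):
    """Return a Finding for every entry that trips at least one heuristic."""
    findings = []
    for sec, line in parse(log_text):
        reasons, path = [], None
        if "(no file)" in line or "(file missing)" in line:
            reasons.append("registered component has no file on disk")
        if sec == "O16" and not trusted_host(dpf_host(line)):
            reasons.append("ActiveX download from untrusted host " + dpf_host(line))
        if sec == "PROC":
            path = line
        elif sec == "O4":
            m = RUN_RE.search(line)
            if m:
                if re.search(r"\d{5,}", m.group("name")):
                    reasons.append("random-looking Run value name")
                pm = EXE_RE.match(m.group("cmd"))
                path = pm.group("path") if pm else m.group("cmd")
        if path:
            reasons.extend(path_reasons(path))
        if reasons:
            findings.append(Finding(sec, line, reasons))
    return findings

def removed_entries(before, after):
    """Lines in an earlier log that are gone from a later one (what cleaning removed)."""
    later = {line for _, line in parse(after)}
    return [line for _, line in parse(before) if line not in later]

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f.section, "|", "; ".join(f.reasons), "|", f.line)
```

A hit only says an entry deserves a closer look, as the helper's "if present" wording does; the O4 entry for the GUID-named Update.exe never appears in the posted logs, so it is caught here only from the process list.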

pessimistdepressionist
2006-07-21, 01:44
Okay, just finished, so we'll see if you spot anything in the log. No pop-ups yet, and ten minutes in when it would normally start. But now I keep getting messages from Ewido about file "C:\WINDOWS\System32\ddcyy.dll" telling me it's adware, quarantines it, then I get another notification about it a couple minutes later. Any ideas?

Also, ran Ad-Aware under normal windows just to check and it still found 15 objects. Should I just go back to safe mode and run everything i.e. Ewido, Ad-Aware, Spybot, etc all at once?

Logfile of HijackThis v1.99.1
Scan saved at 3:11:42 PM, on 7/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jayec\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

pessimistdepressionist
2006-07-21, 01:44
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:33:21 PM 7/20/2006

+ Scan result:



C:\WINDOWS\System32ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ddcyy.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\__delete_on_reboot__m_s_0_6_5_1_8_9_2_-_1_8_0_7_4_._e_x_e_ -> Downloader.VB.aga : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Jayec\Application Data\Mozilla\Firefox\Profiles\a6rw7kgh.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.57:C:\Documents and Settings\Jayec\Application Data\Mozilla\Firefox\Profiles\a6rw7kgh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\Jayec\Application Data\Mozilla\Firefox\Profiles\a6rw7kgh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:C:\Documents and Settings\Jayec\Application Data\Mozilla\Firefox\Profiles\a6rw7kgh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\Jayec\Application Data\Mozilla\Firefox\Profiles\a6rw7kgh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\Jayec\Application Data\Mozilla\Firefox\Profiles\a6rw7kgh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jayec\Cookies\jayec@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jayec\Cookies\jayec@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.111:C:\Documents and Settings\Jayec\Application Data\Mozilla\Firefox\Profiles\a6rw7kgh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.112:C:\Documents and Settings\Jayec\Application Data\Mozilla\Firefox\Profiles\a6rw7kgh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.113:C:\Documents and Settings\Jayec\Application Data\Mozilla\Firefox\Profiles\a6rw7kgh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Jayec\Cookies\jayec@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Jayec\Cookies\jayec@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Common Files\{9444790C-096B-1033-0826-040307040001}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).


::Report end

teacup61
2006-07-21, 02:15
Hello,

Could I see a log made in normal mode please? This one is considerably shorter. The file you mention looks like vundo, but it's not in the log.

i.e. Ewido, Ad-Aware, Spybot

Yes, you can run those in safe mode, then post the HijackThis log made in normal mode, please. :) How is it running?

Thanks,
tea

pessimistdepressionist
2006-07-24, 11:05
Sorry, was out of town for a bit. Currently there's no browser jacking going on, but each time I start Windows Ewido finds the exact same three programs and labels them malware. I'll post a new log tomorrow night after work.

tashi
2006-07-28, 20:46
How is it going pessimistdepressionist :)

tashi
2006-07-31, 10:41
This topic is closed.

If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.