
Thread: spysheriff victim and mcafee virus

  1. #1
    Member
    Join Date
    Jun 2006
    Posts
    34

    spysheriff victim and mcafee virus

    First time on a forum. Have BB router between computer & surfboard. Had McAfee virus turned off (idiot!). Accidentally loaded SpySheriff (twice the fool). Uninstalled McAfee thru Add/Remove. Loaded and ran updated Spybot. Cleaned all. Reinstalled McAfee virus thru IE (got "boom" and mess. that disappears before IE runs - use Firefox for everything except Webex). Got Spybot messages like "registry changed" (from lower to upper case, etc.), "change denied", etc. and IE (I use Firefox for most browsing). Got DOS removal tool from McAfee and ran it twice. Installed McAfee virus again (clean??). Ran Spybot again and cleaned. Still getting repeats of 3 new Spybot messages re registry changes that won't go away. Help!

  2. #2
    Member
    Join Date
    Jun 2006
    Posts
    34

    follow up log & report

    After rebooting, the Spybot reports stopped and everything seems OK, except that when I open IE I get the boom chord and "cannot find 'file ///c/:/secure32.html" but then IE without my Google search bar, and then I tried resetting my web settings, but nothing changed - I prefer Firefox anyway but am curious why the message.

    Should I follow Calamity Jane's advice to clear out system restore points? (I have XP Pro with SP2)

    Thanks for being our online angels.

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,964


    Merged two topics.

    Hello,

    I do not see CalamityJane assisting you; both of your posts are in this thread.

    Please follow the instructions here to post a HJT log.
    BEFORE you post a log, and who will advise you. Preliminary Steps

    Copy paste the log into this topic and a helper will assist you as soon as available.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Member
    Join Date
    Jun 2006
    Posts
    34

    Spy Sheriff got me,

    MY COMPUTER IS NOW IN YOUR HANDS, O WISE ONE, PLEASE GIVE ME YOUR WISDOM AND ADVICE AND I WILL FOLLOW YOUR COUNSEL. COMCAST HAS NOW BLOCKED ALL MY OUTGOING EMAIL TO THE WORLD (DON'T BLAME THEM - ALTHOUGH IT DID ALL HAPPEN AFTER INSTALLING AND THEN INADVERTENTLY DISABLING "VIRUS")

    HERE IS MY PANDA LOG FOLLOWED BY MY HIJACKTHIS LOG. THANK YOU FOR BEING THERE FOR US!

    PANDA:

    Incident Status Location

    Adware:Adware/Secure32 Not disinfected C:\Program Files\nbak.exe
    Adware:adware/secure32 Not disinfected Windows Registry

  5. #5
    Member
    Join Date
    Jun 2006
    Posts
    34

    Spysheriff Fix Logs 2 Of 4


  6. #6
    Member
    Join Date
    Jun 2006
    Posts
    34

    Spysheriff Logs 3 Of 4

    Virus:Trj/Killwin.M Disinfected C:\Documents and Settings\J.Peter Holsman\Desktop\VSCleanupTool.exe
    Virus:Trj/Killwin.M Disinfected C:\Documents and Settings\J.Peter Holsman\Local Settings\Temp\GLF100.EXE
    Virus:Trj/Killwin.M Disinfected C:\Documents and Settings\J.Peter Holsman\Local Settings\Temp\GLF7.EXE
    Virus:Trj/Killwin.M Disinfected C:\Documents and Settings\J.Peter Holsman\Local Settings\Temp\GLFF.EXE
    Virus:Trj/Goldun.IR Disinfected C:\jjyvrdl.exe

  7. #7
    Member
    Join Date
    Jun 2006
    Posts
    34

    Spysheriff Logs 4 Of 4 (all Of Hijackthis Log)

    HIJACKTHIS LOG:
    Logfile of HijackThis v1.99.1
    Scan saved at 3:08:44 PM, on 6/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\WINNT\system32\cisvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\WINNT\system32\CTHELPER.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\nbak.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\SecCopy\SecCopy.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
    C:\Program Files\Handspring\HOTSYNC.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\NEW DOWNLOADS\Spybot and Panda\safer\HijackThis.exe
    C:\WINNT\system32\cidaemon.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SysTray] C:\Program Files\nbak.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SATARaid.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://construction.webex.com/clien...ng/ieatgpc.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: se500mdm - C:\WINNT\SYSTEM32\se500mdm.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\jclcmkhp.dll (file missing)
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

  8. #8
    Member
    Join Date
    Jun 2006
    Posts
    34

    Spysheriff Infection. Requested Logs Completed

    I Await Your Help. You Are My Last Hope. Thanks For Being There.

  9. #9
    Member
    Join Date
    Jun 2006
    Posts
    34

    spysheriff problem one more thing: some error messages during safemode search process

    While following your directions (and before) I got the following error messages along the way:

    " ACSTART16.EXE failed, OXcoooooo5" (not sure of zero count) - twice, with a low chime/boom sound!

    "NT AUTHORITY SYSTEM SHUTDOWN" followed by freeze up and had to cold boot.

    and was still getting Spybot messages with a registry change noted in an identical filename with "mc...(something).exe" in caps then in lower case, followed by yellow dialog popup saying "registry change denied"

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,964


    Hello.

    I merged another of your new topics into your original; please click Post Reply, not Start New Topic. Thanks.

    A helper will assist you as soon as available, and we have this topic if it becomes necessary:

    If you have waited four days for advice post here.

    Cheers.
