·
Registered
Joined
·
2 Posts
Discussion Starter #1
Okay, I've been messing with my good ole WinFixer pal and I'm not sure if I've gotten rid of it finally or not. Much help in helping me find it will surely be appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 12:23:28 AM, on 10/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bw.myway.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5RS_0001_0808] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SDYJSHEZ\WFXScanR[1].exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kontiki.com/securedelivery/main/kdx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


Thanks in advance!
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Hello and Welcome

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.

You appear to have used SpySweeper to clear WinFixer (Vundo). I will need to have a look at SpySweeper's logs.

Please launch SpySweeper & select Results from the left pane
Click the 'Session Log' tab & choose Save to File to create a log.

Post that in your next reply

SpySweeper is an antispyware program. It's not an antivirus program. You do not appear to have any installed on this machine. Let's start off by getting you a free yet effective antivirus program. Please choose one of these 3 programs, which are free for home use:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Please download & install - CleanUp.exe


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage will not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any open browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
  • WeatherBug
  • My Way

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


With HiJackThis, place a check next to these items and select "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bw.myway.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [NI.UWFX5RS_0001_0808] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SDYJSHEZ\WFXScanR[1].exe"
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folders
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\Program Files\MyWay\
  • C:\Program Files\AWS\

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Perform an online scan with Internet Explorer at one of the following sites:
Take note of the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  1. HiJackThis
  2. Online scan
  3. SpySweeper's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
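
Added example (not part of the original posts): a small Python triage pass over a HijackThis log that surfaces the mechanically checkable kinds of entry in the fix list above, namely registrations marked "(file missing)" or "(no file)", an O4 autostart launching from the browser cache or a temp folder, and R0/R1 values left empty. The function and reason names are hypothetical, the three heuristics are assumptions drawn from this thread rather than HijackThis rules, and the sample is a constructed selection of lines from the log posted here.

```python
import re
from dataclasses import dataclass

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis appends when the registered file is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Assumption: an autostart that runs from a cache/temp folder deserves review.
CACHE_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text):
    """Return entries worth a second look; everything else is left alone."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m["section"], m["body"]
        lowered = body.lower()
        if any(marker in lowered for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, "orphaned", line))
        elif section == "O4" and any(d in lowered for d in CACHE_DIRS):
            findings.append(Finding(section, "autostart-from-cache", line))
        elif section in ("R0", "R1") and body.endswith("="):
            findings.append(Finding(section, "empty-value", line))
    return findings


# Constructed sample: lines selected from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bw.myway.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.UWFX5RS_0001_0808] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SDYJSHEZ\WFXScanR[1].exe"
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:22} {f.line}")
```

The Start Page line is deliberately not flagged: judging whether a home page or a proxy override is unwanted needs a human reviewer, which is why such logs were read by a helper rather than fixed automatically.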
 

·
Registered
Joined
·
2 Posts
Discussion Starter #3
12:04 AM: | Start of Session, Sunday, October 23, 2005 |
12:04 AM: Spy Sweeper started
12:04 AM: Sweep initiated using definitions version 560
12:04 AM: Starting Memory Sweep
12:05 AM: Found Adware: virtumonde
12:05 AM: Detected running threat: C:\WINDOWS\system32\gebyw.dll (ID = 77)
12:07 AM: Memory Sweep Complete, Elapsed Time: 00:02:20
12:07 AM: Starting Registry Sweep
12:07 AM: Found Adware: altnet
12:07 AM: HKCR\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}\ (1 subtraces) (ID = 103460)
12:07 AM: HKCR\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}\ (1 subtraces) (ID = 103462)
12:07 AM: Found Adware: linkmaker
12:07 AM: HKLM\software\lm\ (4 subtraces) (ID = 129744)
12:07 AM: HKLM\software\microsoft\windows\currentversion\uninstall\hyperlinker\ (2 subtraces) (ID = 129748)
12:07 AM: Found Adware: websearch toolbar
12:07 AM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (7 subtraces) (ID = 146518)
12:07 AM: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
12:07 AM: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
12:07 AM: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
12:07 AM: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
12:07 AM: HKU\WRSS_Profile_S-1-5-21-2814103510-1836554778-3720395319-1009\software\wintools\ (10 subtraces) (ID = 146514)
12:07 AM: HKU\WRSS_Profile_S-1-5-21-2814103510-1836554778-3720395319-1009\software\wintools\ (10 subtraces) (ID = 646241)
12:07 AM: Found Adware: cydoor peer-to-peer dependency
12:07 AM: HKU\WRSS_Profile_S-1-5-21-2814103510-1836554778-3720395319-1008\software\kazaa\promotions\cydoor\ (3029 subtraces) (ID = 124527)
12:07 AM: Found Adware: instafinder
12:07 AM: HKU\WRSS_Profile_S-1-5-21-2814103510-1836554778-3720395319-1008\software\instafin\ (10 subtraces) (ID = 128665)
12:07 AM: HKU\WRSS_Profile_S-1-5-21-2814103510-1836554778-3720395319-1008\software\instafink\ (21 subtraces) (ID = 128666)
12:07 AM: HKU\WRSS_Profile_S-1-5-21-2814103510-1836554778-3720395319-1008\software\microsoft\windows\currentversion\run\ || wintools (ID = 146484)
12:07 AM: HKU\WRSS_Profile_S-1-5-21-2814103510-1836554778-3720395319-1008\software\wintools\ (10 subtraces) (ID = 146514)
12:07 AM: HKU\WRSS_Profile_S-1-5-21-2814103510-1836554778-3720395319-1008\software\wintools\ (10 subtraces) (ID = 646241)
12:07 AM: Registry Sweep Complete, Elapsed Time:00:00:14
12:07 AM: Starting Cookie Sweep
12:07 AM: Cookie Sweep Complete, Elapsed Time: 00:00:07
12:07 AM: Starting File Sweep
12:07 AM: c:\documents and settings\brian\local settings\temp\admcache (ID = -2147481437)
12:07 AM: Found Adware: gain-supported software
12:07 AM: c:\documents and settings\brian\local settings\temp\fsg_tmp (2 subtraces) (ID = -2147480935)
12:08 AM: lmdv.bin (ID = 65588)
12:10 AM: Sweep Canceled
12:10 AM: File Sweep Complete, Elapsed Time: 00:02:43
12:10 AM: Traces Found: 3235
12:11 AM: Removal process initiated
12:11 AM: Quarantining All Traces: websearch toolbar
12:11 AM: Quarantining All Traces: altnet
12:11 AM: Quarantining All Traces: cydoor peer-to-peer dependency
12:11 AM: Quarantining All Traces: gain-supported software
12:11 AM: Quarantining All Traces: instafinder
12:11 AM: Quarantining All Traces: linkmaker
12:11 AM: Quarantining All Traces: virtumonde
12:11 AM: virtumonde is in use. It will be removed on reboot.
12:11 AM: C:\WINDOWS\system32\gebyw.dll is in use. It will be removed on reboot.
12:11 AM: Quarantining All Traces: 2o7.net cookie
12:11 AM: Quarantining All Traces: about cookie
12:11 AM: Quarantining All Traces: addynamix cookie
12:11 AM: Quarantining All Traces: adknowledge cookie
12:11 AM: Quarantining All Traces: adrevolver cookie
12:11 AM: Quarantining All Traces: ads.tripod.lycos.com cookie
12:11 AM: Quarantining All Traces: adserver cookie
12:11 AM: Quarantining All Traces: advertising cookie
12:11 AM: Quarantining All Traces: ask cookie
12:11 AM: Quarantining All Traces: atlas dmt cookie
12:11 AM: Quarantining All Traces: atwola cookie
12:11 AM: Quarantining All Traces: azjmp cookie
12:11 AM: Quarantining All Traces: banner cookie
12:11 AM: Quarantining All Traces: bannerspace cookie
12:11 AM: Quarantining All Traces: belnk cookie
12:11 AM: Quarantining All Traces: bizrate cookie
12:11 AM: Quarantining All Traces: bluestreak cookie
12:11 AM: Quarantining All Traces: bravenet cookie
12:11 AM: Quarantining All Traces: burstbeacon cookie
12:11 AM: Quarantining All Traces: burstnet cookie
12:11 AM: Quarantining All Traces: casalemedia cookie
12:11 AM: Quarantining All Traces: ccbill cookie
12:11 AM: Quarantining All Traces: centrport net cookie
12:11 AM: Quarantining All Traces: coremetrics cookie
12:11 AM: Quarantining All Traces: counter cookie
12:11 AM: Quarantining All Traces: domainsponsor cookie
12:11 AM: Quarantining All Traces: engage cookie
12:11 AM: Quarantining All Traces: fe.lea.lycos.com cookie
12:11 AM: Quarantining All Traces: fortunecity cookie
12:11 AM: Quarantining All Traces: gamespy cookie
12:11 AM: Quarantining All Traces: go.com cookie
12:11 AM: Quarantining All Traces: goclick cookie
12:11 AM: Quarantining All Traces: gostats cookie
12:11 AM: Quarantining All Traces: linksynergy cookie
12:11 AM: Quarantining All Traces: maxserving cookie
12:11 AM: Quarantining All Traces: metriweb.be cookie
12:11 AM: Quarantining All Traces: nextag cookie
12:11 AM: Quarantining All Traces: overture cookie
12:11 AM: Quarantining All Traces: passion cookie
12:11 AM: Quarantining All Traces: paycounter cookie
12:11 AM: Quarantining All Traces: pointroll cookie
12:11 AM: Quarantining All Traces: questionmarket cookie
12:11 AM: Quarantining All Traces: realmedia cookie
12:11 AM: Quarantining All Traces: reliablestats cookie
12:11 AM: Quarantining All Traces: reunion cookie
12:11 AM: Quarantining All Traces: revenue.net cookie
12:11 AM: Quarantining All Traces: ru4 cookie
12:11 AM: Quarantining All Traces: servedby advertising cookie
12:11 AM: Quarantining All Traces: server.iad.liveperson cookie
12:11 AM: Quarantining All Traces: serving-sys cookie
12:11 AM: Quarantining All Traces: specificclick.com cookie
12:11 AM: Quarantining All Traces: statcounter cookie
12:11 AM: Quarantining All Traces: targetnet cookie
12:11 AM: Quarantining All Traces: tracking cookie
12:11 AM: Quarantining All Traces: tradedoubler cookie
12:11 AM: Quarantining All Traces: trafficmp cookie
12:11 AM: Quarantining All Traces: tripod cookie
12:11 AM: Quarantining All Traces: websponsors cookie
12:11 AM: Quarantining All Traces: webtrendslive cookie
12:11 AM: Quarantining All Traces: x10 cookie
12:11 AM: Quarantining All Traces: yieldmanager cookie
12:11 AM: Warning: Launched explorer.exe
12:11 AM: Warning: Quarantine process could not restart Explorer.
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Please delete these additional files, if present:

C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini1
C:\WINDOWS\system32\wybeg.bak
C:\WINDOWS\system32\wybeg.bak1
 