Continuous spy ware and unwanted favs>

[MrHuggy]

I seem to be having an issue with the same spy ware reloading itself on my system. I run spy-bot and then the very next day i have the same spy-ware back on. I also have this issue where things are on my fav list in iexplorer when i have not added them. Any help? I have hijack this and can post my findings if that will help.

[Azn_tweaker]

download ad-aware 6.0 here: http://www.lavasoftusa.com/support/download/

Then use the WebUpdate to get the latest reference file
Then Open Ad-aware
Click the WebUpDate
button at the top right hand side of the Ad-aware screen (The world globe).
Click "Connect"
Ad-aware will then download the latest reference file for you.
To make sure it is updated , look at the main
Ad-aware screen, and look under "Initialization Status"
then scan doing a "Full Scan" (Custom)
Post ur Log- When the scan is complete, click "Show Log", then highlight all of the text in the logfile with your mouse. On your keyboard, press Ctrl + C, which will copy the text to your clipboard. Now be online, logged in and ready to post your logfile. Press Ctl and V and that will copy your logfile to the post!

[MrHuggy]

Here is half

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 5-30-2004 7:36:04 PM
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 7:36:07 PM
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 7:36:07 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft Windows Operating System
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 7:21:01 PM
Last modified : 8/23/2001 12:00:00 PM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 7:36:07 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft Windows Operating System
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 7:21:01 PM
Last modified : 8/29/2002 10:41:26 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 7:36:08 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 7:21:01 PM
Last modified : 8/23/2001 12:00:00 PM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-30-2004 7:36:09 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 7:21:01 PM
Last modified : 8/23/2001 12:00:00 PM

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-30-2004 7:36:12 PM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft Windows Operating System
Created on : 9/15/2003 2:40:06 AM
Last accessed : 5/30/2004 7:47:37 PM
Last modified : 8/29/2002 10:41:24 AM

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 7:36:12 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft Windows Operating System
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 7:21:01 PM
Last modified : 8/23/2001 12:00:00 PM

#:9 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 5-30-2004 7:36:13 PM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 9/1/2003 5:44:15 PM
Last accessed : 5/30/2004 7:21:01 PM
Last modified : 7/17/2003 4:16:38 PM

#:10 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 5-30-2004 7:36:20 PM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 9/1/2003 5:44:10 PM
Last accessed : 5/30/2004 7:21:01 PM
Last modified : 11/15/2002 12:41:26 AM

#:11 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-30-2004 7:36:23 PM
BasePriority : Normal
FileSize : 108 KB
FileVersion : 6.14.10.5672
ProductVersion : 6.14.10.5672
Copyright : (C) NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.72
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 56.72
Created on : 3/24/2004 4:04:00 PM
Last accessed : 5/30/2004 7:21:01 PM
Last modified : 3/24/2004 4:04:00 PM

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-30-2004 7:36:24 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 7:21:01 PM
Last modified : 8/23/2001 12:00:00 PM

[MrHuggy]

Lavasoft Ad-aware Professional Build 158
Logfile created on :Sunday, May 30, 2004 12:49:52 PM
Using reference-file :0R150 05.07.2003
__________________________________________________ ____

Ad-aware Settings
=========================
Set : Activate in-depth scan
Set : Safe mode (always request confirmation)
Set : Skip non executable files
Set : Skip files larger than 4096 KB
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives


Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:13 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ThreadCreationTime : 5-30-2004 7:41:57 PM
BasePriority : Normal
FileSize : 100 KB
FileVersion : 1.03.01a
Copyright : Copyright VERITAS Software, Inc.
CompanyName : VERITAS Software, Inc.
FileDescription : Direct Access Component
Created on : 12/21/2003 7:08:55 PM
Last accessed : 5/30/2004 7:36:04 PM
Last modified : 3/1/2002 9:25:00 AM

#:14 [cfd.exe]
FilePath : C:\Program Files\BroadJump\Client Foundation\
ThreadCreationTime : 5-30-2004 7:41:58 PM
BasePriority : Normal
FileSize : 360 KB
Created on : 5/23/2004 10:58:43 PM
Last accessed : 5/30/2004 7:36:04 PM
Last modified : 9/11/2002 2:26:26 AM

#:15 [ipclient.exe]
FilePath : C:\Program Files\Visual Networks\Visual IP InSight\SBC\
ThreadCreationTime : 5-30-2004 7:41:58 PM
BasePriority : Normal
FileSize : 372 KB
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
Copyright : Copyright 2003 Visual Networks Technologies, Inc.
CompanyName : Visual Networks
FileDescription : IP Session Statistics
InternalName : IPCLIENT
OriginalFilename : ipclient32.exe
ProductName : Visual IP InSight
Created on : 5/23/2004 10:59:12 PM
Last accessed : 5/30/2004 7:36:04 PM
Last modified : 6/11/2003 6:52:24 AM

#:16 [ipmon32.exe]
FilePath : C:\Program Files\Visual Networks\Visual IP InSight\SBC\
ThreadCreationTime : 5-30-2004 7:41:58 PM
BasePriority : Normal
FileSize : 120 KB
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
Copyright : Copyright 2003 Visual Networks Technologies, Inc.
CompanyName : Visual Networks
FileDescription : IP Monitor
InternalName : IPMON32
OriginalFilename : ipmon32.exe
ProductName : Visual IP InSight
Created on : 5/23/2004 10:59:12 PM
Last accessed : 5/30/2004 7:36:04 PM
Last modified : 6/11/2003 6:52:26 AM

#:17 [motivesb.exe]
FilePath : C:\PROGRA~1\SBCSEL~1\SMARTB~1\
ThreadCreationTime : 5-30-2004 7:41:59 PM
BasePriority : Normal
FileSize : 372 KB
FileVersion : 5.6.7.asst_classic.smartbridge.20031210_035000
ProductVersion : 5.6.7.asst_classic.smartbridge
Copyright : Copyright 1998-2003
CompanyName : Motive Communications, Inc.
FileDescription : SBC Self Support Tool Alerts
InternalName : version
OriginalFilename : version
ProductName : Motive System
Created on : 5/23/2004 11:08:49 PM
Last accessed : 5/30/2004 7:36:04 PM
Last modified : 12/10/2003 9:52:40 AM

#:18 [trht.exe]
FilePath : C:\Documents and Settings\Vic\Application Data\
ThreadCreationTime : 5-30-2004 7:41:59 PM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 1, 0, 0, 1047
ProductVersion : 1.0
Copyright : Copyright (c) 2003-2004 PSD Tools, LLC
CompanyName : PSD Tools, LLC
FileDescription : ChannelUp v1.0
OriginalFilename : ChannelUp.exe
ProductName : ChannelUp
Created on : 2/7/2004 6:07:31 PM
Last accessed : 5/30/2004 7:39:47 PM
Last modified : 2/24/2004 1:45:35 PM

#:19 [mpbtn.exe]
FilePath : C:\Program Files\SBC Self Support Tool\bin\
ThreadCreationTime : 5-30-2004 7:42:19 PM
BasePriority : Normal
FileSize : 188 KB
Created on : 5/23/2004 11:08:45 PM
Last accessed : 5/30/2004 7:21:02 PM
Last modified : 10/10/2003 2:06:10 PM

#:20 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 5-30-2004 7:47:36 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft Windows Operating System
Created on : 9/15/2003 2:40:27 AM
Last accessed : 5/30/2004 7:47:36 PM
Last modified : 8/29/2002 10:41:26 AM

#:21 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 5-30-2004 7:49:15 PM
BasePriority : Normal
FileSize : 760 KB
FileVersion : 6.0.1.158
ProductVersion : 6.0.0.0
Copyright : Copyright Lavasoft Sweden
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Professional
Created on : 5/30/2004 7:20:28 PM
Last accessed : 5/30/2004 7:47:31 PM
Last modified : 1/27/2003 5:42:22 PM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

12:53:45 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:03:52:875
Objects scanned :21004
Objects identified :0
Objects ignored :0
New objects :0

[Azn_tweaker]

1. update ur Reference File. the latest reference file is 01R312 30.05.2004 Now Available. ur reference file is really old
2. do an "Full Scan". "Full Scan" Guide
3. rescan and post an new log.

[GSM Super Star]

Go to www.webroot.com and download Spy Sweeper

Do a Full scan

Then set it to monitor you Homepage, Cookies & Memory.

It finds alot more than Ad-Aware and Spybot put together!

[Azn_tweaker]

thats not free.

Ad-aware and spybot best comb out there

[MrHuggy]

Thanks for the help. I just used the freeware version of spy sweeper. if all continues to go well i may purchase it. And you were right it picked up several things that ad-aware and spybot did not find. Thanks again.

[radspanner]

agree with the above post ..ran the free trial and it picked up 4 items that ad aware and spy bot both missed.

[GSM Super Star]

Its a great Program I have the Full version So I get auto updates etc... Well worth the money. Its good where it stops your Home Page from being Changed, Monitors your Memory and Deletes Tracking Cookies

Its by far the best program I have used

[MrHuggy]

Here is the thing though. The spy ware keeps returning. I used hijack this and cw shredder and then updated to sp1a for xp. i hope this takes care of things. if not im going to wipe and reload.

[MrHuggy]

|··· Monday, 31 May 2004 09:59 AM ···|
09:59 AM Sweeping memory for active software.
09:59 AM Memory sweep has completed.
09:59 AM Registry sweep completed.
09:59 AM Full Sweep has completed. Elapsed time 0 hours, 0 minutes, 11 seconds.
Files swept: 0
Software Located: 0
10:00 AM Sweeping memory for active software.
10:00 AM Memory sweep has completed.
Found: BlazeFind registry trace.
Found: CoolWWW registry trace.

Found: Qidion Toolbar registry trace.
Found: Search Explorer Toolbar registry trace.
Found: Search Explorer Toolbar registry trace.
Found: SearchIt Toolbar registry trace.
Found: Slotchbar registry trace.

Found: SubmitHook registry trace.

Found: TeenXXX (TinyBar) registry trace.
10:02 AM Registry sweep completed.
10:02 AM Full sweep on all local drives initiated.
10:02 AM Now sweeping drive C:
10:02 AM Sweep Canceled
10:02 AM Full Sweep has completed. Elapsed time 0 hours, 2 minutes, 17 seconds.
Files swept: 83
Software Located: 307
Spy Sweeper quarantined registry traces of: BlazeFind

Spy Sweeper quarantined registry traces of: CoolWWW

Spy Sweeper quarantined registry traces of: Qidion Toolbar

Spy Sweeper quarantined registry traces of: Search Explorer Toolbar

Spy Sweeper quarantined registry traces of: SearchIt Toolbar

Spy Sweeper quarantined registry traces of: Slotchbar

Spy Sweeper quarantined registry traces of: SubmitHook

Spy Sweeper quarantined registry traces of: TeenXXX (TinyBar)

This is what spy sweeper finds. And after i open iexplorer the very next time all of this is loaded right back on. What can i do to rid myself of this once and for all without having to run it everytime?

[GSM Super Star]

After you have scanned your computer does it say "Some Items are running in memory" or somthing like that??

If so you need to close as many processes down as possible by pressing [CTRL] + [ALT] + [DEL] then run it again

[o0krylon0o]

Try an online virus scan:
TrendMirco
or
Panda AvtiveScan
You might have a virus on your comp that your Virus Scanner is not picking up

[o0krylon0o]

Quote:

Originally posted by Azn_tweaker
1. update ur Reference File. the latest reference file is 01R312 30.05.2004 Now Available. ur reference file is really old

BTW you currently have Ad-Aware Professional build 158. The updates for this build were discontinued last year. You need to install the newer version from the website to have the latest build and refence files