Topic: spy sherriff

Offline Lucifer

  • Newbie
  • Posts: 34
  • Karma: +0/-0
spy sherriff
« on: December 11, 2005, 09:59:03 AM »
Hi,  got spy sherriff.  I think I got rid of most of it.  But found a password stealer today.  So I must not have.  Here is the HJT log from this morning.

If you can help it would be great.

Thanks

Tracy

Logfile of HijackThis v1.99.1
Scan saved at 9:52:09 AM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109374976150
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
spy sherriff
« Reply #1 on: December 11, 2005, 01:03:19 PM »
Can you do the following please

If you have this tool, delete yours and download this version
Download SmitRem.exe by Noahdfear and save the file to your desktop.
DON'T run it yet
But make sure you download this version

Additionally,
==Download and Install this small program
to help clean your temp folders, cookies, etc...
Windows Cleanup! 4.0
Don't run it yet

Download and save to desktop the
Standalone version of CWShredder
Don't run this yet

Open Ewido
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Could I also get you to disable Ewido's guard; I don't want to take any chance of it interfering
Under the main Ewido screen
Under Additional
Uninstall the GUARD

Close out Ewido afterwards, don't reboot yet if prompted

I need you to disable Microsoft AntiSpyware protections so it won't interfere with any fixes we try
Open Microsoft AntiSpyware.
Click on Options>>Settings
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)


You may choose to tick the next one too, not malicious
A registration reminder for creative products, not needed on startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

In safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Double click on SmitRem.exe to extract it to its own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: While Ewido is running, don't open any other windows; let it do its job

Afterwards, Open CWShredder.exe and click on the FIX button
Let it fix what it finds

Reboot back to Normal mode

Back in Windows, I need to see a few logs please
1. Scan and save logfile with Hijackthis again, post a fresh log
2. Post the Whole contents of Ewido's report
3. Post the log made from SmitRem located here C:\Smitfiles.txt
« Last Edit: December 11, 2005, 02:25:25 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
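As an added example (not code from this thread, from HijackThis or from the helper), here is a small Python triage pass over lines in the HJT log format posted above. The sample lines are constructed copies of a few entries from the log, and the allowlist of search-provider hosts is an assumption you would tune to your own environment. It flags the same three R0/R1/R3 entries guestolo listed for fixing (a search bar pointed at an unfamiliar host, an empty leftover IE value, and a URLSearchHook whose CLSID has no backing file), and marks `(file missing)` service lines as verify-only rather than fix, since the helper did not tick those for the avast services.

```python
"""Triage of HijackThis-style log lines (added example, not part of the thread)."""
import re
from urllib.parse import urlparse

# Constructed sample in the shape of the HJT log posted in the thread.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe" /service (file missing)
"""

# Assumption: hosts this environment treats as legitimate IE search/start-page providers.
SEARCH_HOST_ALLOWLIST = {"search.msn.com", "www.google.com"}

# HJT entry lines start with a section tag (R0-R3, F0-F3, O1-O23) followed by " - ".
LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2})\s+-\s+(.*)$")


def parse_hjt(text):
    """Return (section, body, raw_line) for every HJT entry line; header lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2), raw.strip()))
    return entries


def triage(entries):
    """Return (section, severity, reason) findings; severity is 'fix' or 'verify'."""
    findings = []
    for section, body, _raw in entries:
        if section in ("R0", "R1"):
            # R0/R1 are IE registry values of the form "<key>,<name> = <value>".
            m = re.match(r"(.*?)\s*=\s*(.*)$", body)
            if not m:
                continue
            key, value = m.group(1), m.group(2).strip()
            if not value:
                findings.append((section, "fix", "empty IE value left behind: " + key.rsplit(",", 1)[-1]))
            else:
                host = urlparse(value).hostname or value
                if host not in SEARCH_HOST_ALLOWLIST:
                    findings.append((section, "fix", "IE setting points at non-allowlisted host " + host))
        elif section == "R3" and "(no file)" in body:
            findings.append((section, "fix", "URLSearchHook with no backing file (orphaned CLSID)"))
        elif section == "O23" and "(file missing)" in body:
            # A missing service binary can also be a display quirk; confirm on disk before acting.
            findings.append((section, "verify", "service binary reported missing; confirm before acting"))
    return findings


def lines_to_tick(text):
    """The raw log lines a helper would tick for 'Fix checked': only 'fix' findings."""
    entries = parse_hjt(text)
    fix_sections = {s for s, sev, _ in triage(entries) if sev == "fix"}
    return [raw for section, _body, raw in entries if section in fix_sections]


if __name__ == "__main__":
    for section, severity, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section:4} {severity:7} {reason}")
    print("\nLines to tick:")
    for line in lines_to_tick(SAMPLE_LOG):
        print(" ", line)
```

The point of separating `fix` from `verify` is the same one the helper applied by hand: entries that point at nothing or at an unknown search host are safe to remove, while a service whose file HJT cannot find deserves a look at the disk (and at the quoting in the log line) before anything is deleted.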


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
spy sherriff
« Reply #2 on: December 11, 2005, 02:26:21 PM »
In case you haven't started the fixes yet
I included CWShredder.exe in the fixes, I edited my last post to reflect it

Offline Lucifer

  • Newbie
  • Posts: 34
  • Karma: +0/-0
spy sherriff
« Reply #3 on: December 11, 2005, 08:57:42 PM »
Logfile of HijackThis v1.99.1
Scan saved at 8:48:07 PM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HJT\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109374976150
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         8:40:23 PM, 12/11/2005
 + Report-Checksum:      6C3C92E5

 + Scan result:

   :mozilla.21:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.22:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.23:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.43:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.60:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.61:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
   :mozilla.63:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.64:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.65:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.66:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.67:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.68:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.78:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.106:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.114:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.115:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.116:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.123:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.126:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.127:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.128:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.129:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.130:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.131:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.132:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
   :mozilla.133:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.134:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.135:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.136:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.137:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.144:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.145:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\marbleana-jones\yingw2if.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.46:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.47:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.48:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.49:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.50:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.60:C:\Documents and Settings\Samuel L. Jackson\Application Data\Mozilla\Profiles\vintagevogue\vil5el3i.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup


::Report End

smitrem did not find anything.  I cannot find a log.  

Will check back to see what you think.  

Thank you very much

Tracy
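The ewido report above is a long list of tracking-cookie detections, each in the same shape: an optional `:mozilla.N:` prefix for entries found inside a Mozilla `cookies.txt`, the file path, an arrow, the detection name and the action taken. When triaging such a report, the useful questions are how many detections are just tracking cookies and whether anything more serious or anything that was not actually cleaned is buried in the list. The following parser is an added example and is not code from the thread or from ewido; the sample lines are constructed in the same shape as the posted report, with shortened paths, and the final non-cookie entry (`Trojan.Constructed.Sample`) is a made-up placeholder name used only to show how the summary flags it.

```python
import re
from collections import Counter

# Constructed sample report in the shape of the ewido output posted above.
# Paths are shortened and the last detection is a made-up placeholder.
SAMPLE_REPORT = """
   :mozilla.27:C:\\Documents and Settings\\User\\Application Data\\Mozilla\\Profiles\\default\\abc.slt\\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.28:C:\\Documents and Settings\\User\\Application Data\\Mozilla\\Profiles\\default\\abc.slt\\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.45:C:\\Documents and Settings\\User\\Application Data\\Mozilla\\Profiles\\default\\abc.slt\\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   :mozilla.46:C:\\Documents and Settings\\User\\Application Data\\Mozilla\\Profiles\\default\\abc.slt\\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\\WINDOWS\\system32\\constructed_sample.dll -> Trojan.Constructed.Sample : Error during cleaning

::Report End
"""

# One report line: optional ":<store>:" prefix (entry found inside a container
# such as a Mozilla cookies.txt), then path, " -> ", detection name, " : ", action.
LINE_RE = re.compile(
    r"^(?::(?P<store>[^:]+):)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$"
)


def parse_report(text):
    """Return one dict per detection line; blank lines and '::' markers are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("::"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a detection line (header, banner, etc.)
        entry = m.groupdict()
        # "Spyware.Cookie.Doubleclick" -> family "Spyware.Cookie", vendor "Doubleclick"
        entry["family"], _, entry["vendor"] = entry["name"].rpartition(".")
        entries.append(entry)
    return entries


def summarize(entries):
    """Tally detections and flag anything that is not a cleaned tracking cookie."""
    by_name = Counter(e["name"] for e in entries)
    cookies = [e for e in entries if e["family"] == "Spyware.Cookie"]
    needs_attention = [
        e
        for e in entries
        if e["family"] != "Spyware.Cookie" or not e["action"].startswith("Cleaned")
    ]
    return {
        "by_name": by_name,
        "tracking_cookie_count": len(cookies),
        "needs_attention": needs_attention,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print("tracking cookies cleaned:", summary["tracking_cookie_count"])
    for name, count in summary["by_name"].most_common():
        print(f"  {count:3d}  {name}")
    for e in summary["needs_attention"]:
        print("NEEDS ATTENTION:", e["name"], "at", e["path"], "->", e["action"])
```

Run on the real report, the tally collapses dozens of cookie lines into a handful of advertiser names, and the `needs_attention` list is what a helper would actually want to read: any non-cookie family, and any line whose action is not a successful clean.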

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
spy sherriff
« Reply #4 on: December 11, 2005, 10:45:07 PM »
SmitRem should have produced a log

If you have the "MyComputer" icon on the desktop
Double click to open it
Or go to START>>MyComputer
Double click to open the C:\ drive folder

Inside this folder should be a text file called "Smitfiles"
Open the file
Click EDIT>>Select All
EDIT>>Copy then paste the whole contents back here please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Lucifer

  • Newbie
  • *
  • Posts: 34
  • Karma: +0/-0
spy sherriff
« Reply #5 on: December 12, 2005, 12:26:07 AM »
Sorry, I was looking for a folder, not a file.  Here it is

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 704 'explorer.exe'

Starting registry repairs

Deleting files


   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Miscellaneous Files/folders ~~~




 ~~~ Wininet.dll ~~~

 CLEAN! :)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
spy sherriff
« Reply #6 on: December 12, 2005, 12:32:07 AM »
How's everything now on your end?

EDIT>>By the way, that wasn't the whole log for Smitfiles.txt
You cut off the top part of the log

No files found by SmitRem, but we did get the registry import done
« Last Edit: December 12, 2005, 12:43:33 AM by guestolo »



Offline Lucifer

  • Newbie
  • *
  • Posts: 34
  • Karma: +0/-0
spy sherriff
« Reply #7 on: December 12, 2005, 12:33:23 PM »
Everything seems to be fine.  There does seem to be a problem with your donate link

Thanks
« Last Edit: December 12, 2005, 12:34:38 PM by Lucifer »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
spy sherriff
« Reply #8 on: December 12, 2005, 07:44:50 PM »
Can you still do the following please for some final cleanup

If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature
Make sure you reenable system restore feature

Afterwards, for added protection
You should install this free tool
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

Check for updates every couple of weeks
after every update just simply click the "enable protection...."



Offline Lucifer

  • Newbie
  • *
  • Posts: 34
  • Karma: +0/-0
spy sherriff
« Reply #9 on: December 13, 2005, 12:00:43 AM »
System restore has been disabled for a long time.  

I downloaded that program.  

Thank you

Tracy

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
spy sherriff
« Reply #10 on: December 13, 2005, 01:03:28 AM »
You're welcome
I'll lock this topic as your problems are resolved
Take care :)
