
Adware


6 replies to this topic

#1 mr allix

mr allix

  • Members
  • 102 posts

Posted 16 October 2006 - 11:46 PM

I have been getting a few pop-ups lately from IE, but I only use Firefox? Also, I cannot connect to Google. I'm frightened.
Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:36:37 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\DOCUME~1\user2.0\MYDOCU~1\MBOLS~1\wucrtupd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\SYSTEM32\?racle\m?hta.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\hijackthis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {D096646A-FCD8-8578-8AC8-F6DA1CBE69E7} - C:\WINDOWS\system32\fbea.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D096646A-FCD8-8578-8AC8-F6DA1CBE69E7} - C:\WINDOWS\system32\fbea.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\user2.0\MYDOCU~1\MBOLS~1\wucrtupd.exe" -vt yazb
O4 - HKCU\..\Run: [Aybgigs] C:\WINDOWS\SYSTEM32\?racle\m?hta.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 18 October 2006 - 01:09 PM

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for FreeDownload the trial link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 mr allix

mr allix
  • Topic Starter

  • Members
  • 102 posts

Posted 18 October 2006 - 10:27 PM

Here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:21:46 PM, on 10/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\SYSTEM32\?racle\m?hta.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\hijackthis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {D096646A-FCD8-8578-8AC8-F6DA1CBE69E7} - C:\WINDOWS\system32\fbea.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D096646A-FCD8-8578-8AC8-F6DA1CBE69E7} - C:\WINDOWS\system32\fbea.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aybgigs] C:\WINDOWS\SYSTEM32\?racle\m?hta.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


And here's the SpySweeper log:

10:13 PM: Removal process completed. Elapsed time 00:01:50
10:13 PM: A reboot was suggested but declined.
10:12 PM: Quarantining All Traces: whenu savenow
10:12 PM: Quarantining All Traces: gain - common components
10:12 PM: Quarantining All Traces: yadro cookie
10:12 PM: Quarantining All Traces: tshirthell cookie
10:12 PM: Quarantining All Traces: screensavers.com cookie
10:12 PM: Quarantining All Traces: redzip cookie
10:12 PM: Quarantining All Traces: popuptraffic cookie
10:12 PM: Quarantining All Traces: hermoment.com cookie
10:12 PM: Quarantining All Traces: burstbeacon cookie
10:12 PM: Quarantining All Traces: tripod cookie
10:12 PM: Quarantining All Traces: toplist cookie
10:12 PM: Quarantining All Traces: tickle cookie
10:12 PM: Quarantining All Traces: starware.com cookie
10:12 PM: Quarantining All Traces: serving-sys cookie
10:12 PM: Quarantining All Traces: adjuggler cookie
10:12 PM: Quarantining All Traces: rightmedia cookie
10:12 PM: Quarantining All Traces: reunion cookie
10:12 PM: Quarantining All Traces: pricegrabber cookie
10:12 PM: Quarantining All Traces: overture cookie
10:12 PM: Quarantining All Traces: ugo cookie
10:12 PM: Quarantining All Traces: kinghost cookie
10:12 PM: Quarantining All Traces: hypertracker.com cookie
10:12 PM: Quarantining All Traces: homestore cookie
10:12 PM: Quarantining All Traces: freestats.net cookie
10:12 PM: Quarantining All Traces: herfirstlesbiansex cookie
10:12 PM: Quarantining All Traces: gangbangsquad cookie
10:12 PM: Quarantining All Traces: wegcash cookie
10:12 PM: Quarantining All Traces: ccbill cookie
10:12 PM: Quarantining All Traces: enhance cookie
10:12 PM: Quarantining All Traces: burstnet cookie
10:12 PM: Quarantining All Traces: inet-traffic.com cookie
10:12 PM: Quarantining All Traces: azjmp cookie
10:12 PM: Quarantining All Traces: belnk cookie
10:12 PM: Quarantining All Traces: ask cookie
10:12 PM: Quarantining All Traces: askmen cookie
10:12 PM: Quarantining All Traces: casalemedia cookie
10:12 PM: Quarantining All Traces: falkag cookie
10:12 PM: Quarantining All Traces: atwola cookie
10:12 PM: Quarantining All Traces: apmebf cookie
10:12 PM: Quarantining All Traces: adultfriendfinder cookie
10:12 PM: Quarantining All Traces: pointroll cookie
10:12 PM: Quarantining All Traces: euniverseads cookie
10:12 PM: Quarantining All Traces: nextag cookie
10:12 PM: Quarantining All Traces: specificclick.com cookie
10:12 PM: Quarantining All Traces: precisead cookie
10:12 PM: Quarantining All Traces: hbmediapro cookie
10:12 PM: Quarantining All Traces: adlegend cookie
10:12 PM: Quarantining All Traces: adknowledge cookie
10:12 PM: Quarantining All Traces: adecn cookie
10:12 PM: Quarantining All Traces: yieldmanager cookie
10:12 PM: Quarantining All Traces: about cookie
10:12 PM: Quarantining All Traces: aa cookie
10:12 PM: Quarantining All Traces: websponsors cookie
10:12 PM: Quarantining All Traces: 888 cookie
10:12 PM: Quarantining All Traces: 66.70.21 cookie
10:12 PM: Quarantining All Traces: 64.62.232 cookie
10:12 PM: Quarantining All Traces: 2o7.net cookie
10:12 PM: Quarantining All Traces: whenu
10:12 PM: Quarantining All Traces: whenu searchbar/pricebandit
10:12 PM: Quarantining All Traces: my daily horoscope
10:12 PM: Quarantining All Traces: cpr
10:12 PM: Quarantining All Traces: ieplugin
10:12 PM: Quarantining All Traces: memorywatcher
10:12 PM: Quarantining All Traces: addestroyer
10:12 PM: Quarantining All Traces: bullguard popup ad
10:12 PM: Quarantining All Traces: kewlbar
10:12 PM: Quarantining All Traces: virtualbouncer
10:12 PM: Quarantining All Traces: tvmedia
10:12 PM: Quarantining All Traces: bho_sep
10:12 PM: Quarantining All Traces: seekseek.com hijack
10:12 PM: Quarantining All Traces: seekseek
10:12 PM: Quarantining All Traces: relatedlinks bho
10:12 PM: Quarantining All Traces: wild media - minigolf
10:12 PM: Quarantining All Traces: keenvalue/perfectnav
10:12 PM: Quarantining All Traces: ezula ilookup
10:12 PM: Quarantining All Traces: browser angel
10:12 PM: Quarantining All Traces: altnet
10:12 PM: Quarantining All Traces: backdoor-bdi
10:12 PM: Quarantining All Traces: e2g
10:12 PM: Quarantining All Traces: apropos
10:12 PM: Quarantining All Traces: adtomi
10:12 PM: Quarantining All Traces: winad
10:12 PM: Quarantining All Traces: elitemediagroup-mediamotor
10:12 PM: Quarantining All Traces: marketscore
10:12 PM: Quarantining All Traces: directrevenue-abetterinternet
10:12 PM: Quarantining All Traces: peper trojan
10:12 PM: Quarantining All Traces: lopdotcom
10:12 PM: Quarantining All Traces: wildmedia
10:12 PM: Quarantining All Traces: websearch toolbar
10:12 PM: Quarantining All Traces: ie driver
10:12 PM: Quarantining All Traces: 2nd-thought
10:12 PM: Quarantining All Traces: purityscan
10:11 PM: Removal process initiated
10:08 PM: Traces Found: 312
10:08 PM: Full Sweep has completed. Elapsed time 00:30:04
10:08 PM: File Sweep Complete, Elapsed Time: 00:28:10
10:05 PM: Warning: Stream read error
10:05 PM: Warning: Stream read error
10:04 PM: Warning: Failed to access drive E:
10:04 PM: Warning: Failed to access drive D:
10:04 PM: C:\WINDOWS\INF\alchem.inf (ID = 83109)
10:04 PM: C:\Program Files\FinalAlert 2 Yuri's Revenge\alchem.ini (ID = 83112)
10:04 PM: Found Adware: directrevenue-abetterinternet
10:04 PM: C:\WINDOWS\sepsd.bin (ID = 75367)
10:04 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\zy (ID = 88414)
10:03 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\TvmUpdater.exe (ID = 81767)
10:03 PM: C:\WINDOWS\lbbho.ini (ID = 73732)
10:03 PM: C:\Documents and Settings\user2.0\Application Data\tvmuknwrd.dll (ID = 81759)
10:01 PM: C:\WINDOWS\aqadcup.exe (ID = 50444)
10:01 PM: Found Trojan Horse: backdoor-bdi
10:01 PM: C:\WINDOWS\woinstall.exe (ID = 60700)
10:00 PM: C:\WINDOWS\setup_silent_17304.exe (ID = 70247)
10:00 PM: Found Adware: my daily horoscope
10:00 PM: C:\Documents and Settings\user2.0\My Documents\??mbols\wucrtupd.exe (ID = 230)
10:00 PM: C:\WINDOWS\MediaMotor25.exe (ID = 59400)
9:59 PM: C:\TVM_B5 Bundle 10.EXE (ID = 81784)
9:59 PM: C:\VVSN_STAT0641Inst.exe (ID = 74466)
9:59 PM: Found Adware: whenu savenow
9:56 PM: C:\WINDOWS\SYSTEM32\PopOops.dll (ID = 49037)
9:55 PM: C:\!PeperFix\Wdit.exe (ID = 72356)
9:55 PM: C:\!PeperFix\RkmsYif2.exe (ID = 72356)
9:54 PM: C:\!PeperFix\Khq4ae.exe (ID = 72365)
9:53 PM: C:\Program Files\E2G\IeBHOs.dll (ID = 59394)
9:53 PM: C:\!PeperFix\XlwA.exe (ID = 72356)
9:53 PM: C:\!PeperFix\TblWiZ.exe (ID = 72365)
9:52 PM: C:\Program Files\Aimfilez\uninstall.ico (ID = 65001)
9:52 PM: C:\WINDOWS\SYSTEM32\PopOops2.dll (ID = 49040)
9:52 PM: C:\WINDOWS\jawa32.bin (ID = 75325)
9:52 PM: C:\WINDOWS\jawa32.dat (ID = 75302)
9:52 PM: C:\WINDOWS\SYSTEM32\SWLAD2.dll (ID = 49042)
9:51 PM: C:\!PeperFix\Weg6u.exe (ID = 72365)
9:51 PM: C:\!PeperFix\XheTsnN3.exe (ID = 72365)
9:50 PM: C:\!PeperFix\KgmJ8U3.exe (ID = 72365)
9:50 PM: C:\WINDOWS\SYSTEM32\osmim.dll (ID = 69218)
9:49 PM: C:\WINDOWS\SYSTEM32\osconfig.dll (ID = 69214)
9:48 PM: C:\Program Files\CxtPls\CxtPls.dll (ID = 50074)
9:47 PM: C:\WINDOWS\Temp\BullGuard\bulldownload.exe (ID = 52017)
9:46 PM: C:\WINDOWS\cpruninst.exe (ID = 54730)
9:46 PM: Found Adware: cpr
9:45 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\iED.tmp (ID = 81622)
9:45 PM: C:\WINDOWS\kwv2.dat (ID = 63355)
9:45 PM: Found Adware: ieplugin
9:45 PM: c:\windows\downloaded program files\conflict.3\hdplugin1019.dll (ID = 61472)
9:45 PM: Found Adware: gain - common components
9:44 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\t9kgtpab (ID = 88977)
9:44 PM: C:\Program Files\CxtPls\WinGenerics.dll (ID = 50187)
9:44 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\__unin__.exe (ID = 49795)
9:44 PM: C:\Program Files\CxtPls\CxtPls.exe (ID = 50093)
9:43 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\TVM_B5.EXE (ID = 81785)
9:43 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\iB80C.tmp (ID = 81622)
9:43 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\t9KgTPab.exe (ID = 31)
9:43 PM: C:\!PeperFix\Ajcl.exe (ID = 72365)
9:43 PM: Found Trojan Horse: peper trojan
9:43 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\clicks.dll (ID = 88233)
9:43 PM: C:\Program Files\CxtPls\data.bin (ID = 50106)
9:43 PM: C:\Program Files\CxtPls\uninstaller.exe (ID = 50177)
9:43 PM: C:\WINDOWS\SYSTEM32\INNERADINSTALL.LOG (ID = 49035)
9:42 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\SEPinst.exe (ID = 75363)
9:42 PM: C:\WINDOWS\SYSTEM32\INNERVBINSTALL.LOG (ID = 82805)
9:42 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\mw_4s_stub.exe (ID = 69642)
9:42 PM: Found Adware: memorywatcher
9:42 PM: C:\Documents and Settings\user2.0\Application Data\tvmknwrd.dll (ID = 81726)
9:42 PM: C:\WINDOWS\SYSTEM32\ezPopStub.exe (ID = 60508)
9:42 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\WildWinTracker.exe (ID = 88931)
9:41 PM: C:\Documents and Settings\user2.0\Local Settings\Temp\addit.exe (ID = 88129)
9:41 PM: C:\WINDOWS\SYSTEM32\SWLAD1.dll (ID = 49041)
9:41 PM: Found Adware: addestroyer
9:41 PM: C:\WINDOWS\SYSTEM32\SWRT01.dll (ID = 82814)
9:40 PM: C:\WINDOWS\Temp\Altnet (ID = 2147485861)
9:40 PM: C:\WINDOWS\Temp\BullGuard (1 subtraces) (ID = 2147490887)
9:40 PM: Found Adware: bullguard popup ad
9:40 PM: C:\Program Files\Altnet\My Altnet Shares (3 subtraces) (ID = 2147485857)
9:40 PM: C:\Program Files\Altnet (4 subtraces) (ID = 2147485855)
9:40 PM: C:\Program Files\E2G (2 subtraces) (ID = 2147486222)
9:40 PM: Found Adware: e2g
9:40 PM: C:\Program Files\CxtPls (8 subtraces) (ID = 2147485878)
9:40 PM: Found Adware: apropos
9:40 PM: C:\Program Files\MaxSpeed (ID = 2147486444)
9:40 PM: Starting File Sweep
9:40 PM: Warning: Failed to access drive A:
9:40 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
9:40 PM: c:\documents and settings\user2.0\cookies\user2.0@yadro[2].txt (ID = 3743)
9:40 PM: Found Spy Cookie: yadro cookie
9:40 PM: c:\documents and settings\user2.0\cookies\[email protected][2].txt (ID = 3596)
9:40 PM: Found Spy Cookie: tshirthell cookie
9:40 PM: c:\documents and settings\user2.0\cookies\[email protected][2].txt (ID = 3298)
9:40 PM: Found Spy Cookie: screensavers.com cookie
9:40 PM: c:\documents and settings\user2.0\cookies\[email protected][1].txt (ID = 3250)
9:40 PM: Found Spy Cookie: redzip cookie
9:40 PM: c:\documents and settings\user2.0\cookies\[email protected][2].txt (ID = 3164)
9:40 PM: Found Spy Cookie: popuptraffic cookie
9:40 PM: c:\documents and settings\user2.0\cookies\[email protected][2].txt (ID = 2774)
9:40 PM: Found Spy Cookie: hermoment.com cookie
9:40 PM: c:\documents and settings\user2.0\cookies\[email protected][1].txt (ID = 2337)
9:40 PM: c:\documents and settings\user2.0\cookies\[email protected][1].txt (ID = 2335)
9:40 PM: Found Spy Cookie: burstbeacon cookie
9:40 PM: c:\documents and settings\user2.0\cookies\user2.0@tripod[1].txt (ID = 3591)
9:40 PM: Found Spy Cookie: tripod cookie
9:40 PM: c:\documents and settings\user2.0\cookies\user2.0@toplist[1].txt (ID = 3557)
9:40 PM: Found Spy Cookie: toplist cookie
9:40 PM: c:\documents and settings\user2.0\cookies\user2.0@tickle[2].txt (ID = 3529)
9:40 PM: Found Spy Cookie: tickle cookie
9:40 PM: c:\documents and settings\user2.0\cookies\user2.0@starware[2].txt (ID = 3441)
9:40 PM: Found Spy Cookie: starware.com cookie
9:40 PM: c:\documents and settings\user2.0\cookies\user2.0@serving-sys[2].txt (ID = 3343)
9:40 PM: Found Spy Cookie: serving-sys cookie
9:40 PM: c:\documents and settings\user2.0\cookies\[email protected][2].txt (ID = 2071)
9:40 PM: Found Spy Cookie: adjuggler cookie

#4 MFDnSC


Posted 19 October 2006 - 12:06 PM

You may want to print this or save it to notepad as we will go to safe mode.

Add remove programs – remove all occurrences of Viewpoint – I would also remove Ares as P2P programs are a likely source of infection

Fix these with HiJackThis – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - {D096646A-FCD8-8578-8AC8-F6DA1CBE69E7} - C:\WINDOWS\system32\fbea.dll

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {D096646A-FCD8-8578-8AC8-F6DA1CBE69E7} - C:\WINDOWS\system32\fbea.dll

O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [Aybgigs] C:\WINDOWS\SYSTEM32\?racle\m?hta.exe

Download http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM32\?racle
C:\WINDOWS\system32\fbea.dll
C:\Program Files\Viewpoint

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
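An added example, not part of MFDnSC's post and not HijackThis code: a small triage script run over entries copied from the logs in this thread. Its three heuristics (a target of `(no file)`, a `?` inside a path component, an unnamed URLSearchHook or BHO) are assumptions of the example; they flag entries for review and do not reproduce the helper's full selection, which also rests on knowing the programs involved.

```python
import re

# A HijackThis entry looks like "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# A '?' inside a backslash-separated path component. Assumption of this
# example: the log prints '?' for a character it could not display, so the
# real file or folder name is not what it appears to be.
MASKED_RE = re.compile(r'\\[^\\"]*\?')

# Sections that register browser hooks (URLSearchHook and BHO).
HOOK_SECTIONS = {"R3", "O2"}

REASONS = {
    "no-file": "registration points to a file that does not exist",
    "masked-path": "path component contains a character shown as '?'",
    "unnamed-hook": "browser hook registered without a name",
}

# Entries copied from the logs posted in this thread (flagged and clean ones).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D096646A-FCD8-8578-8AC8-F6DA1CBE69E7} - C:\WINDOWS\system32\fbea.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {D096646A-FCD8-8578-8AC8-F6DA1CBE69E7} - C:\WINDOWS\system32\fbea.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Aybgigs] C:\WINDOWS\SYSTEM32\?racle\m?hta.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
"""


def target_of(section, body):
    """Return the file or value an entry points at, without its label."""
    if section == "O4" and "] " in body:
        # "HKCU\..\Run: [name] command line"
        return body.split("] ", 1)[1]
    if " = " in body:
        # "Startup: shortcut.lnk = target" or "key,value = data"
        return body.split(" = ", 1)[1]
    # "BHO: name - {CLSID} - file"
    return body.rsplit(" - ", 1)[-1]


def triage_entry(line):
    """Return the reason codes that apply to one log line (empty if none)."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return []  # header, process list line, blank line
    section, body = match.group("section"), match.group("body")
    target = target_of(section, body)

    codes = []
    if target == "(no file)":
        codes.append("no-file")
    # Checked on the target only, so a bare "= ?" (unresolved shortcut)
    # or a '?' in a label does not count.
    if MASKED_RE.search(target):
        codes.append("masked-path")
    if section in HOOK_SECTIONS and "(no name)" in body:
        codes.append("unnamed-hook")
    return codes


def triage_log(text):
    """Return (line, reason codes) for every entry worth a second look."""
    findings = []
    for line in text.splitlines():
        codes = triage_entry(line)
        if codes:
            findings.append((line.strip(), codes))
    return findings


if __name__ == "__main__":
    for entry, codes in triage_log(SAMPLE_LOG):
        print(entry)
        for code in codes:
            print("    ->", REASONS[code])
```
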

#5 mr allix


Posted 19 October 2006 - 04:40 PM

I removed Ares and Viewpoint in the Control Panel, and when going to fix things in HijackThis,
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
was not there.
Here is my new log:


Logfile of HijackThis v1.99.1
Scan saved at 4:35:09 PM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\hijackthis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#6 MFDnSC


Posted 19 October 2006 - 05:03 PM

Clean

Restore points
Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

#7 mr allix


Posted 19 October 2006 - 05:20 PM

Thanks for the help, you guys have never failed. I always recommend this site to others.



