
Unable Remove Trojan.vundo And Winfixer


7 replies to this topic

#1 Phils


Posted 04 December 2005 - 04:16 PM

Hi. Frustrated here. Am running Norton Internet Security with NAV - always latest definitions. Registered copy of AdAware and AdWatch. Still got the WinFixer popup and then NAV detected Trojan.Vundo. Have run Symantec FixVundo in Safe Mode after disabling System Restore (Windows XP Media Center). Have run SpyBot Search & Destroy, later disabled TeaTimer protection per instructions below:

http://www.bleepingcomputer.com/forums/t/18610/how-to-remove-winfixer-virtumonde-msevents-trojanvundob/

NAV and McAfee Stinger both show no virus. I never did see the O2 MSEvents Object or O20 Winlogon Notify in HiJackThis log.

When I restart and run IE I see an event in AdWatch saying it sees a registry change. Below is HiJackThis Log FOLLOWED BY AdWatch event log. I'd really, really appreciate help with this guys/gals. THANKS!


Logfile of HijackThis v1.99.1
Scan saved at 4:10:03 PM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\AOL\1116776181\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1116776181\ee\AOLServiceHost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1116776181\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1116776181\ee\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findwe...ast?query=06880
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Pluck Toolbar - {7385D9F8-418B-4e6a-938F-F7596857CB54} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1116776181\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Startup: palmOne Registration.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client402/kdx.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Navpomrcfio - Unknown owner - (no file)
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


AdWatch Log:

Ad-Watch Logfile, exported on 12/4/2005
Total number of events:4
===============================================
12/4/2005 11:03:25 AM - Definitions file SE1R76 22.11.2005 loaded successfully.
Build:SE1R76 22.11.2005
Total Signatures :44435
Target Families :784
Target Categories :6
CSI data Size :76092

File Size :1646316

===============================================
12/4/2005 11:03:25 AM - User preferences file loaded.
Ad-Watch preference file loaded.
Applying user settings
C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft\Ad-Aware\awsettings.awc
Initialization complete.




===============================================
12/4/2005 11:03:27 AM - Sites file loaded.
Sites file loaded successfully.
C:\Program Files\Lavasoft\Ad-Aware SE Plus\sites.txt
Total entries : 3223





===============================================
12/4/2005 11:06:45 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:NI.UWFX5_0001_N56M0311
Data:"C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag
New Data:"C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag



#2 Phils


Posted 04 December 2005 - 05:33 PM

I did just download Webroot SpySweeper, updated its files and ran a sweep. Below is the log from the SpySweeper session. I will also reboot and run HJT again and post that log as well.
thanks for any help!
Phil

********
4:55 PM: | Start of Session, Sunday, December 04, 2005 |
4:55 PM: Spy Sweeper started
4:55 PM: Sweep initiated using definitions version 577
4:55 PM: Starting Memory Sweep
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:56 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:57 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: Memory Sweep Complete, Elapsed Time: 00:03:10
4:58 PM: Starting Registry Sweep
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:58 PM: Registry Sweep Complete, Elapsed Time:00:00:27
4:58 PM: Starting Cookie Sweep
4:58 PM: Found Spy Cookie: specificclick.com cookie
4:58 PM: sabina@adopt.specificclick[2].txt (ID = 3400)
4:58 PM: Found Spy Cookie: askmen cookie
4:58 PM: sabina@askmen[1].txt (ID = 2247)
4:58 PM: Found Spy Cookie: atwola cookie
4:58 PM: sabina@atwola[1].txt (ID = 2255)
4:58 PM: Found Spy Cookie: banner cookie
4:58 PM: sabina@banner[1].txt (ID = 2276)
4:58 PM: Found Spy Cookie: burstnet cookie
4:58 PM: sabina@burstnet[2].txt (ID = 2336)
4:58 PM: Found Spy Cookie: belnk cookie
4:58 PM: sabina@dist.belnk[2].txt (ID = 2293)
4:58 PM: Found Spy Cookie: go.com cookie
4:58 PM: sabina@go[1].txt (ID = 2728)
4:58 PM: Found Spy Cookie: adjuggler cookie
4:58 PM: sabina@rotator.adjuggler[2].txt (ID = 2071)
4:58 PM: Found Spy Cookie: tracking cookie
4:58 PM: sabina@tracking[2].txt (ID = 3571)
4:58 PM: Found Spy Cookie: web-stat cookie
4:58 PM: sabina@www.web-stat[2].txt (ID = 3649)
4:58 PM: Found Spy Cookie: websponsors cookie
4:58 PM: hp_administrator@a.websponsors[1].txt (ID = 3665)
4:58 PM: hp_administrator@abclocal.go[1].txt (ID = 2729)
4:58 PM: hp_administrator@abcnews.go[1].txt (ID = 2729)
4:58 PM: Found Spy Cookie: ad-rotator cookie
4:58 PM: hp_administrator@ad-rotator[1].txt (ID = 2051)
4:58 PM: Found Spy Cookie: reunion cookie
4:58 PM: hp_administrator@ad.reunion[1].txt (ID = 3256)
4:58 PM: Found Spy Cookie: yieldmanager cookie
4:58 PM: hp_administrator@ad.yieldmanager[1].txt (ID = 3751)
4:58 PM: Found Spy Cookie: adlegend cookie
4:58 PM: hp_administrator@adlegend[2].txt (ID = 2074)
4:58 PM: Found Spy Cookie: precisead cookie
4:58 PM: hp_administrator@adopt.precisead[1].txt (ID = 3182)
4:58 PM: hp_administrator@adopt.specificclick[2].txt (ID = 3400)
4:58 PM: Found Spy Cookie: anm.co.uk cookie
4:58 PM: hp_administrator@anm.co[2].txt (ID = 2223)
4:58 PM: hp_administrator@askmen[1].txt (ID = 2247)
4:58 PM: Found Spy Cookie: ask cookie
4:58 PM: hp_administrator@ask[1].txt (ID = 2245)
4:58 PM: hp_administrator@ath.belnk[2].txt (ID = 2293)
4:58 PM: hp_administrator@atwola[1].txt (ID = 2255)
4:58 PM: Found Spy Cookie: azjmp cookie
4:58 PM: hp_administrator@azjmp[2].txt (ID = 2270)
4:58 PM: Found Spy Cookie: a cookie
4:58 PM: hp_administrator@a[1].txt (ID = 2027)
4:58 PM: hp_administrator@banner[2].txt (ID = 2276)
4:58 PM: hp_administrator@belnk[2].txt (ID = 2292)
4:58 PM: Found Spy Cookie: barelylegal cookie
4:58 PM: hp_administrator@c.fsx[1].txt (ID = 2286)
4:58 PM: Found Spy Cookie: cardomain cookie
4:58 PM: hp_administrator@cardomain[1].txt (ID = 2350)
4:58 PM: Found Spy Cookie: tickle cookie
4:58 PM: hp_administrator@cookie.tickle[1].txt (ID = 3530)
4:58 PM: Found Spy Cookie: customer cookie
4:58 PM: hp_administrator@customer[1].txt (ID = 2481)
4:58 PM: Found Spy Cookie: about cookie
4:58 PM: hp_administrator@desktoppub.about[1].txt (ID = 2038)
4:58 PM: Found Spy Cookie: did-it cookie
4:58 PM: hp_administrator@did-it[1].txt (ID = 2523)
4:58 PM: hp_administrator@dist.belnk[1].txt (ID = 2293)
4:58 PM: hp_administrator@espn.go[2].txt (ID = 2729)
4:58 PM: hp_administrator@german.about[1].txt (ID = 2038)
4:58 PM: hp_administrator@go[1].txt (ID = 2728)
4:58 PM: Found Spy Cookie: 2o7.net cookie
4:58 PM: hp_administrator@highbeam.122.2o7[1].txt (ID = 1958)
4:58 PM: Found Spy Cookie: homestore cookie
4:58 PM: hp_administrator@homestore[2].txt (ID = 2793)
4:58 PM: Found Spy Cookie: ic-live cookie
4:58 PM: hp_administrator@ic-live[1].txt (ID = 2821)
4:58 PM: Found Spy Cookie: infospace cookie
4:58 PM: hp_administrator@infospace[2].txt (ID = 2865)
4:58 PM: Found Spy Cookie: megago cookie
4:58 PM: hp_administrator@kenpokarate.freeservers[2].txt (ID = 2983)
4:58 PM: hp_administrator@microsofteup.112.2o7[2].txt (ID = 1958)
4:58 PM: Found Spy Cookie: mygeek cookie
4:58 PM: hp_administrator@mygeek[1].txt (ID = 3041)
4:58 PM: Found Spy Cookie: nextag cookie
4:58 PM: hp_administrator@nextag[2].txt (ID = 5014)
4:58 PM: Found Spy Cookie: paypopup cookie
4:58 PM: hp_administrator@paypopup[1].txt (ID = 3119)
4:58 PM: hp_administrator@politicalhumor.about[2].txt (ID = 2038)
4:58 PM: hp_administrator@reunion[2].txt (ID = 3255)
4:58 PM: Found Spy Cookie: rightmedia cookie
4:58 PM: hp_administrator@rightmedia[2].txt (ID = 3259)
4:58 PM: hp_administrator@rotator.adjuggler[2].txt (ID = 2071)
4:58 PM: hp_administrator@rsi.abcnews.go[1].txt (ID = 2729)
4:58 PM: hp_administrator@rsi.espn.go[1].txt (ID = 2729)
4:58 PM: hp_administrator@saltfishing.about[1].txt (ID = 2038)
4:58 PM: hp_administrator@sports.espn.go[1].txt (ID = 2729)
4:58 PM: Found Spy Cookie: reliablestats cookie
4:58 PM: hp_administrator@stats1.reliablestats[1].txt (ID = 3254)
4:58 PM: Found Spy Cookie: clicktracks cookie
4:58 PM: hp_administrator@stats2.clicktracks[2].txt (ID = 2407)
4:58 PM: Found Spy Cookie: dbbsrv cookie
4:58 PM: hp_administrator@statueofliberty.com.27995.fb.dbbsrv[1].txt (ID = 2500)
4:58 PM: hp_administrator@tracking[2].txt (ID = 3571)
4:58 PM: Found Spy Cookie: trb.com cookie
4:58 PM: hp_administrator@trb[1].txt (ID = 3587)
4:58 PM: Found Spy Cookie: clickzs cookie
4:58 PM: hp_administrator@vip.clickzs[2].txt (ID = 2413)
4:58 PM: Found Spy Cookie: burstbeacon cookie
4:58 PM: hp_administrator@www.burstbeacon[1].txt (ID = 2335)
4:58 PM: Found Spy Cookie: collegebleeptour cookie
4:58 PM: hp_administrator@www.collegebleeptour[2].txt (ID = 2440)
4:58 PM: Found Spy Cookie: myaffiliateprogram.com cookie
4:58 PM: hp_administrator@www.myaffiliateprogram[2].txt (ID = 3032)
4:58 PM: hp_administrator@www.web-stat[2].txt (ID = 3649)
4:58 PM: Found Spy Cookie: xiti cookie
4:58 PM: hp_administrator@xiti[1].txt (ID = 3717)
4:58 PM: Found Spy Cookie: yadro cookie
4:58 PM: hp_administrator@yadro[2].txt (ID = 3743)
4:58 PM: hp_administrator@ypng.infospace[1].txt (ID = 2866)
4:58 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
4:58 PM: Starting File Sweep
4:59 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:59 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:59 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:59 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:59 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:59 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:59 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:59 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:22 PM: File Sweep Complete, Elapsed Time: 00:23:51
5:22 PM: Full Sweep has completed. Elapsed time 00:27:37
5:22 PM: Traces Found: 68
5:23 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: Removal process initiated
5:26 PM: Quarantining All Traces: 2o7.net cookie
5:26 PM: Quarantining All Traces: a cookie
5:26 PM: Quarantining All Traces: about cookie
5:26 PM: Quarantining All Traces: adjuggler cookie
5:26 PM: Quarantining All Traces: adlegend cookie
5:26 PM: Quarantining All Traces: ad-rotator cookie
5:26 PM: Quarantining All Traces: anm.co.uk cookie
5:26 PM: Quarantining All Traces: ask cookie
5:26 PM: Quarantining All Traces: askmen cookie
5:26 PM: Quarantining All Traces: atwola cookie
5:26 PM: Quarantining All Traces: azjmp cookie
5:26 PM: Quarantining All Traces: banner cookie
5:26 PM: Quarantining All Traces: barelylegal cookie
5:26 PM: Quarantining All Traces: belnk cookie
5:26 PM: Quarantining All Traces: burstbeacon cookie
5:26 PM: Quarantining All Traces: burstnet cookie
5:26 PM: Quarantining All Traces: cardomain cookie
5:26 PM: Quarantining All Traces: clicktracks cookie
5:26 PM: Quarantining All Traces: clickzs cookie
5:26 PM: Quarantining All Traces: collegebleeptour cookie
5:26 PM: Quarantining All Traces: customer cookie
5:26 PM: Quarantining All Traces: dbbsrv cookie
5:26 PM: Quarantining All Traces: did-it cookie
5:26 PM: Quarantining All Traces: go.com cookie
5:26 PM: Quarantining All Traces: homestore cookie
5:26 PM: Quarantining All Traces: ic-live cookie
5:26 PM: Quarantining All Traces: infospace cookie
5:26 PM: Quarantining All Traces: megago cookie
5:26 PM: Quarantining All Traces: myaffiliateprogram.com cookie
5:26 PM: Quarantining All Traces: mygeek cookie
5:26 PM: Quarantining All Traces: nextag cookie
5:26 PM: Quarantining All Traces: paypopup cookie
5:26 PM: Quarantining All Traces: precisead cookie
5:26 PM: Quarantining All Traces: reliablestats cookie
5:26 PM: Quarantining All Traces: reunion cookie
5:26 PM: Quarantining All Traces: rightmedia cookie
5:26 PM: Quarantining All Traces: specificclick.com cookie
5:26 PM: Quarantining All Traces: tickle cookie
5:26 PM: Quarantining All Traces: tracking cookie
5:26 PM: Quarantining All Traces: trb.com cookie
5:26 PM: Quarantining All Traces: websponsors cookie
5:26 PM: Quarantining All Traces: web-stat cookie
5:26 PM: Quarantining All Traces: xiti cookie
5:26 PM: Quarantining All Traces: yadro cookie
5:26 PM: Quarantining All Traces: yieldmanager cookie
5:26 PM: Removal process completed. Elapsed time 00:00:07
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
5:26 PM: The Spy Communication shield has blocked access to: download.winfixer.com
********
4:53 PM: | Start of Session, Sunday, December 04, 2005 |
4:53 PM: Spy Sweeper started
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:54 PM: Your spyware definitions have been updated.
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:54 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: The Spy Communication shield has blocked access to: download.winfixer.com
4:55 PM: | End of Session, Sunday, December 04, 2005 |

#3 Phils

Posted 04 December 2005 - 05:42 PM

Rebooted and immediately got WinFixer in Taskbar and when I closed it saw the same registry change message in AdAware. I ran another HJT and log is below:
Logfile of HijackThis v1.99.1
Scan saved at 5:38:31 PM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1116776181\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1116776181\ee\AOLServiceHost.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SM1BG.EXE
c:\program files\common files\aol\1116776181\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1116776181\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findwe...ast?query=06880
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Pluck Toolbar - {7385D9F8-418B-4e6a-938F-F7596857CB54} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1116776181\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Startup: palmOne Registration.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client402/kdx.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Navpomrcfio - Unknown owner - (no file)
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 MFDnSC

Posted 08 December 2005 - 02:18 PM

Fix this entry

O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag

Boot and then delete that file
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 Phils

Posted 10 December 2005 - 05:23 PM

Fix this entry

O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag

Boot and then delete that file

Thanks for your reply.
Any time I fix it by checking it in HJT and using FIX, it is right back there in the next scan. There's no file with the name above or like it in C:\WINDOWS\Downloaded Program Files\.....

It's still a problem for me. Any other suggestion please?

#6 MFDnSC

Posted 10 December 2005 - 05:42 PM

Sorry missed one

Fix these with HJT – mark them, close IE, click fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag

O23 - Service: Navpomrcfio - Unknown owner - (no file)

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find

Navpomrcfio

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.


DL http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
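
An added example (not part of any post in this thread): a small Python triage of HijackThis log text that flags the two kinds of entries singled out in the reply above, a Run autostart launching from Downloaded Program Files and a service listed as "(no file)", and reports whether the autostart's executable also appears under "Running processes:". The two flagging rules and all function names are assumptions of this sketch; the sample lines are excerpted from the logs posted in this thread.

```python
import re
from typing import List, NamedTuple, Set

# Excerpt of the 12/4/2005 log posted in this thread (trimmed to a few lines).
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe
C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Navpomrcfio - Unknown owner - (no file)
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
"""

# Excerpt of the 12/11/2005 log (only the sections visible in the post, trimmed).
LOG_AFTER = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4" or "O23"
    name: str      # Run value name or service name
    image: str     # executable path exactly as logged
    reason: str    # why this sketch flags it (assumed rule, not an HJT verdict)
    running: bool  # image is also listed under "Running processes:"


# "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')
# Image path: either the quoted part, or everything up to the first executable suffix.
IMAGE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd))(?=\s|$))', re.I)
SERVICE_PREFIX = "O23 - Service: "


def running_processes(log: str) -> Set[str]:
    """Lower-cased paths listed between 'Running processes:' and the next blank line."""
    procs, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            procs.add(line.lower())
    return procs


def image_of(command: str) -> str:
    """Strip arguments from a Run command line, handling unquoted paths with spaces."""
    command = command.strip()
    m = IMAGE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command


def triage(log: str) -> List[Finding]:
    procs = running_processes(log)
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            image = image_of(m.group(4))
            # Assumed rule: the ActiveX download cache is not a normal home
            # for a program started at every logon.
            if "\\downloaded program files\\" in image.lower():
                findings.append(Finding(
                    "O4", m.group(3), image,
                    "autostart launches from Downloaded Program Files",
                    image.lower() in procs))
        elif line.startswith(SERVICE_PREFIX):
            # The service name may itself contain " - ", so split from the right.
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[2] == "(no file)":
                findings.append(Finding(
                    "O23", parts[0], parts[2],
                    "service is registered but its file is missing", False))
    return findings


if __name__ == "__main__":
    for label, log in (("12/4 log", LOG_BEFORE), ("12/11 log", LOG_AFTER)):
        print(label)
        for f in triage(log):
            print(f"  {f.section} {f.name}: {f.reason} (running={f.running})")
```

Run against the two excerpts, the Run value is flagged in both logs, but its executable is listed as a running process only in the earlier one.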

#7 Phils

Posted 11 December 2005 - 11:59 AM

Hi! Thanks so much for your time and reply. I followed your instructions exactly. Fixed the things you listed for HJT. When I ran services.msc I did NOT see Navpomrcflo however.
Killbox (in Safe Mode) did not see the netinstaller program but I killed it anyway like you said.
I rebooted and did NOT see the Winfixer change to the registry nor am I getting the popup, but I still see that darned netinstaller in the HJT log. Below is my new log taken in normal mode with IE Closed.

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 11:54:08 AM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\ehome\ehtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1116776181\ee\AOLHostManager.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1116776181\ee\AOLServiceHost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1116776181\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1116776181\ee\AOLServiceHost.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findwe...ast?query=06880
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Pluck Toolbar - {7385D9F8-418B-4e6a-938F-F7596857CB54} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1116776181\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Startup: palmOne Registration.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client402/kdx.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Navpomrcfio - Unknown owner - (no file)
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks for any further suggestions.

Sorry missed one

Fix these with HJT – mark them, close IE, click fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag

O23 - Service: Navpomrcfio - Unknown owner - (no file)

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find

Navpomrcfio

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.


DL http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system



#8 MFDnSC


Posted 11 December 2005 - 01:34 PM

Give this a go

Adware-Virtumundo Removal Tool v1.2 (Associated with WinFixer Popups)

Note: This tool does not remove the WinFixer application. WinFixer alone does not cause popups or disrupt the system. If WinFixer was installed on your system because Adware or a Trojan Downloader installed it without your permission, please remove it using the Add/Remove Programs Control Panel Applet.

If Virtumundo is not found, the tool will exit showing the log file.

If Virtumundo is found it will do the following:
Version 1.1
Create a Date/Time Stamped log file (VBG.TXT) on the All Users profile's Desktop.
Kill Internet Explorer and Explorer processes.
Rename the infected files with a .Vir extension (this disables them from being run)
Remove the Browser Helper Object registry key
Add a registry value to block the file from running in Internet Explorer again.
Remove the Winlogon Notify registry key
Automatically restart the computer (via STOP error)
Note: This is a BLUE SCREEN "Fatal Error" Message. It is normal and expected. The tool ends an important Windows Process that was protecting the file and NT Security STOPS the system as soon as it detects this is happening.


VirusScan will now be able to remove the files normally when you run an on-demand scan.

Download Link -> http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then run your antivirus or Ewido to remove any leftover files and then post a fresh HJT log & the report from this tool
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
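
An added example, not part of the original thread or of HijackThis itself: a small Python triage pass over HijackThis-format lines. It flags the two patterns fixed in the reply above (a service whose file is missing, an autorun launched from Downloaded Program Files) and lists the BHO and Winlogon Notify load points that the removal tool targets. The function names and heuristics are assumptions; the sample lines are excerpted from the log posted in this thread.

```python
import re

# Sample input: six lines excerpted from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Navpomrcfio - Unknown owner - (no file)
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
"""

# A HijackThis entry starts with a section code (R0, F2, N1, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")

def parse(log_text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log_text):
    """Return (level, section, reason, body); heuristics are assumptions, not verdicts."""
    findings = []
    for section, body in parse(log_text):
        low = body.lower()
        if section == "O23" and low.endswith("(no file)"):
            # Service is registered but its binary is gone or hidden from the scanner.
            findings.append(("suspect", section, "service has no file on disk", body))
        elif section == "O4" and "\\downloaded program files\\" in low:
            # Autorun started from the ActiveX download cache rather than an install dir.
            findings.append(("suspect", section, "autorun from Downloaded Program Files", body))
        elif section in ("O2", "O20"):
            # Load points named in the removal tool's description; verify each DLL by hand.
            findings.append(("review", section, "BHO / Winlogon Notify load point", body))
    return findings

if __name__ == "__main__":
    for level, section, reason, body in triage(SAMPLE_LOG):
        print(f"[{level}] {section}: {reason}\n    {body}")
```

A "suspect" or "review" result is a prompt to check the file's vendor and location, not a decision to delete it.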



