
Infected With Newdotnet, Surfsidekick And Trojan.startpage


  • This topic is locked
13 replies to this topic

#1 mad4lax

  • Members
  • 7 posts

Posted 19 July 2006 - 10:38 AM

After running all of the utilities as suggested before posting this message, it appears I am infected with NewDotNet, SurfSideKick (both those detected by SpyBot) and Trojan.StartPage (mptft.exe) according to Norton Anti-virus. The funny thing about the Trojan.StartPage is that Norton can't repair, quarantine or delete the infected file. Yet when I was running Ad-aware, Norton was running in the background and gave me an alert that it discovered Trojan.StartPage and deleted the virus. Yet a subsequent anti-virus scan said my computer was still infected. Help!

Attached is the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:04 AM, on 7/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{A4CA8C59-0702-1033-1207-011022010001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sqla2f9b] RUNDLL32.EXE w1b3d0f8.dll,n 001a2f9a000000031b3d0f8
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Coupons - file://C:\Program Files\websearch\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/resources/neutral/co...d.cab?9,0,917,0
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = verizon.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.com
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\MPHCP.DLL (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\dnjm0111e.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\n4p40e7qeh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



#2 pomp

    Malware Fighter

  • Members
  • 362 posts
  • Gender:Male
  • Location:Jersey Shore

Posted 19 July 2006 - 11:56 AM

Hello.

Have hijackthis fix the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [sqla2f9b] RUNDLL32.EXE w1b3d0f8.dll,n 001a2f9a000000031b3d0f8
O8 - Extra context menu item: Coupons - file://C:\Program Files\websearch\System\Temp\couponsandoffers_script0.htm
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\MPHCP.DLL (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\dnjm0111e.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\n4p40e7qeh.dll (file missing)

Restart your computer.

1. Download this file - combofix
2. Double click combofix.exe & follow the prompts.
3. Save the logfile to where you can find it later

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

then...

First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
Please attach the logfile from combofix and ewido to a reply in this thread. Please don't copy and paste!


My help in removing spyware is free, but if you'd like to donate: Donate



PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD


#3 mad4lax

  • Topic Starter

Posted 20 July 2006 - 11:02 AM

Pomp,

Thanks for the help. I followed all your recommended actions. I had a problem and was unable to save the ewido logfile but I know it found several threats and successfully quarantined them all (including, it appears, surfside kick and trojan.startpage). I ran a subsequent ewido scan and was then able to figure out how to save the report for that second scan. After following all the steps you recommended I ran HijackThis again and have that logfile to send as well. My only problem now is I don't know how to attach these files per your request. Can you help me there?

Thanks!

#4 pomp


Posted 20 July 2006 - 11:56 AM

Click "Add Reply" in this thread then you will see "File Attachments" ... click the Browse.. button and attach each file one at a time!




#5 mad4lax

  • Topic Starter

Posted 20 July 2006 - 12:45 PM

I don't have the "File Attachments" option in my "Add Reply" window nor in my "Post Options".

#6 pomp


Posted 20 July 2006 - 01:37 PM

OK, instead of attaching, please copy and paste the contents of the combofix and ewido logfile into a reply.

Edited by pomp, 20 July 2006 - 01:38 PM.




#7 mad4lax

  • Topic Starter

Posted 20 July 2006 - 02:30 PM

HERE IS THE COMBOFIX AND EWIDO LOGFILES:

COMBOFIX:

Start Time= Wed 07/19/2006 14:17:22.53
Running from: C:\Documents and Settings\Dad\Desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-19 14:05 267,468,800 C:\hiberfil.sys
2006-07-19 07:25 <DIR> C:\Program Files\spyware doctor
2006-07-18 23:23 <DIR> C:\Program Files\Common Files\symantec shared
2006-07-18 22:20 <DIR> C:\Program Files\zone labs
2006-07-18 14:43 <DIR> C:\Program Files\internet explorer
2006-07-18 14:26 <DIR> C:\Program Files\java
2006-07-18 14:08 439,376 C:\WINDOWS\system32\perfstringbackup.ini
2006-07-18 00:10 1,063 C:\WINDOWS\system32\sqla2f9b.sys
2006-07-17 22:19 <DIR> C:\Program Files\pedevice
2006-07-17 20:29 <DIR> C:\Documents and Settings\Dad\Application Data\lavasoft
2006-07-17 20:28 <DIR> C:\Program Files\lavasoft
2006-07-17 20:06 51,072 C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-07-17 20:06 30,592 C:\WINDOWS\system32\drivers\ikhfile.sys
2006-07-16 16:28 <DIR> C:\Program Files\norton systemworks
2006-07-16 15:58 <DIR> C:\Program Files\symantec
2006-07-15 18:25 <DIR> C:\Documents and Settings\Dad\Application Data\u3
2006-07-13 22:15 <DIR> C:\Documents and Settings\Dad\Application Data\lycos
2006-07-13 20:51 <DIR> C:\Documents and Settings\Dad\Application Data\pc tools
2006-07-13 18:46 <DIR> C:\Program Files\common files
2006-07-11 23:05 32,768 C:\WINDOWS\dcybdwdl.exe
2006-07-11 22:53 338 C:\WINDOWS\brylf.dll
2006-07-08 21:06 <DIR> C:\Program Files\netropa
2006-07-08 21:06 <DIR> C:\Program Files\dell
2006-07-08 21:06 <DIR> C:\Program Files\conexant
2006-07-08 17:14 <DIR> C:\Program Files\acw
2006-07-08 14:15 <DIR> C:\Program Files\Common Files\murk
2006-07-08 10:44 <DIR> C:\Program Files\partypoker
2006-07-08 10:42 38,941 C:\wd7gi8nnew.exe
2006-07-05 19:46 12,288 C:\setup.exe
2006-07-05 19:24 183,296 C:\WINDOWS\ndnuninstall7_22.exe
2006-07-05 19:24 <DIR> C:\Program Files\web publish
2006-07-05 19:22 <DIR> C:\Program Files\Common Files\{a4ca8c59-0702-1033-1207-011022010001}
2006-07-05 19:20 454,231 C:\visfx500new.exe
2006-07-05 17:10 223 C:\WINDOWS\hp precisionscan pro.ini
2006-06-30 22:38 <DIR> C:\Program Files\installshield installation information
2006-06-30 22:37 <DIR> C:\Program Files\quicktime
2006-06-30 22:32 <DIR> C:\Program Files\itunes
2006-06-30 21:44 <DIR> C:\Program Files\ipod
2006-06-19 16:20 702,768 C:\WINDOWS\system32\wgalogon.dll
2006-06-18 17:54 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-06-18 17:54 83,960 C:\WINDOWS\system32\vsdata.dll
2006-06-18 17:54 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-06-18 17:54 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-06-18 17:54 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-06-18 17:54 59,384 C:\WINDOWS\system32\vswmi.dll
2006-06-18 17:54 440,312 C:\WINDOWS\system32\vsutil.dll
2006-06-18 17:54 394,872 C:\WINDOWS\system32\vsdatant.sys
2006-06-18 17:54 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-06-18 17:54 157,688 C:\WINDOWS\system32\vsinit.dll
2006-06-18 17:54 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-06-18 17:54 100,344 C:\WINDOWS\system32\vsxml.dll
2006-05-31 22:32 <DIR> C:\Program Files\tbonas
2006-05-30 19:09 24,576 C:\WINDOWS\uninstall.exe
2006-05-30 16:54 29,695 C:\WINDOWS\cdplayer.ini
2006-05-28 00:02 619 C:\WINDOWS\win.ini
2006-05-28 00:02 274 C:\WINDOWS\system.ini
2006-05-26 23:38 <DIR> C:\Program Files\spybot - search & destroy
2006-05-25 01:22 53,248 C:\WINDOWS\bdoscandel.exe
2006-05-19 08:59 94,720 C:\WINDOWS\system32\iphlpapi.dll
2006-05-19 08:59 148,480 C:\WINDOWS\system32\dnsapi.dll
2006-05-19 08:59 111,616 C:\WINDOWS\system32\dhcpcsvc.dll
2006-05-17 19:30 101 C:\WINDOWS\kodakps.dad.ini
2006-05-17 15:01 <DIR> C:\Program Files\expressit s.e. 2.2
2006-05-13 20:05 92 C:\WINDOWS\kodakps.brian.ini
2006-05-13 19:50 199 C:\WINDOWS\importclient.ini
2006-05-12 23:07 314 C:\WINDOWS\mmkeybd.ini
2006-05-12 23:07 269 C:\WINDOWS\msiosd.ini
2006-05-03 12:46 3,436 C:\WINDOWS\photoimpression.ini
2006-05-03 02:56 127,078 C:\WINDOWS\system32\javaws.exe
2006-05-03 01:19 53,346 C:\WINDOWS\system32\javaw.exe
2006-05-03 01:19 49,248 C:\WINDOWS\system32\java.exe
2006-04-20 17:29 <DIR> C:\Program Files\outlook express
2006-04-20 17:29 <DIR> C:\Program Files\Common Files\system
2006-04-07 21:41 <DIR> C:\Program Files\google
2006-04-07 21:41 <DIR> C:\Documents and Settings\Dad\Application Data\google
2006-02-26 16:36 <DIR> C:\Program Files\itsdeductible2005
2006-02-25 13:01 <DIR> C:\Documents and Settings\Dad\Application Data\microsoft
2006-02-25 12:56 <DIR> C:\Program Files\turbotax
2006-02-18 23:27 <DIR> C:\Program Files\windows media player
2006-01-20 19:05 <DIR> C:\Documents and Settings\Dad\Application Data\apple computer
2006-01-19 21:39 <DIR> C:\Documents and Settings\Dad\Application Data\hp
2006-01-02 22:52 <DIR> C:\Program Files\Common Files\sonic shared
2006-01-02 22:50 <DIR> C:\Program Files\Common Files\hp
2006-01-02 22:47 <DIR> C:\Program Files\hp
2006-01-02 22:47 <DIR> C:\Program Files\hewlett-packard
2005-12-21 20:14 <DIR> C:\Program Files\yahoo!
2005-12-21 20:14 <DIR> C:\Documents and Settings\Dad\Application Data\macromedia
2005-12-20 00:32 <DIR> C:\Program Files\aim95
2005-12-18 17:30 <DIR> C:\Documents and Settings\Dad\Application Data\aim
2005-12-17 21:40 <DIR> C:\Program Files\viewpoint
2005-12-17 21:40 <DIR> C:\Program Files\aod
2005-12-09 19:39 <DIR> C:\Documents and Settings\Dad\Application Data\sun
2005-12-08 08:04 <DIR> C:\Program Files\sdmqz
2005-12-04 21:03 <DIR> C:\Program Files\nortel networks
2005-12-03 09:10 <DIR> C:\Documents and Settings\Dad\Application Data\adobe
2005-11-29 23:19 <DIR> C:\Program Files\mozilla firefox
2005-11-26 11:25 <DIR> C:\Program Files\intbonas
2005-11-23 09:24 <DIR> C:\Documents and Settings\Dad\Application Data\mozilla
2005-11-22 21:23 <DIR> C:\Program Files\Common Files\nikon
2005-11-22 21:22 <DIR> C:\Documents and Settings\Dad\Application Data\nikon
2005-11-22 21:21 <DIR> C:\Program Files\nikon
2005-11-19 23:44 <DIR> C:\Program Files\sunbelt software
2005-11-19 00:05 <DIR> C:\Program Files\microsoft intellipoint
2005-11-12 00:32 <DIR> C:\Program Files\pmna
2005-11-02 14:25 <DIR> C:\Program Files\limewire
2005-09-29 16:13 <DIR> C:\Program Files\Common Files\java
2005-09-26 21:34 <DIR> C:\Documents and Settings\Dad\Application Data\canon
2005-09-22 06:19 <DIR> C:\Program Files\Common Files\uninstall information
2005-07-16 20:18 <DIR> C:\Program Files\Common Files\adobe
2005-07-08 13:08 <DIR> C:\Program Files\macromedia
2005-07-08 13:08 <DIR> C:\Program Files\Common Files\macromedia
2005-07-05 22:52 <DIR> C:\Program Files\canon
2005-05-25 22:34 <DIR> C:\Program Files\expressit s.e. 2.1
2005-05-22 21:55 <DIR> C:\Program Files\winavi videoconverter
2005-05-15 20:51 <DIR> C:\Program Files\online services
2005-05-15 20:50 <DIR> C:\Documents and Settings\Dad\Application Data\symantec
2005-05-15 20:05 <DIR> C:\Program Files\Common Files\smith micro shared
2005-05-15 20:05 <DIR> C:\Program Files\checkit
2005-03-28 20:14 <DIR> C:\Documents and Settings\Dad\Application Data\adobeum
2005-03-28 11:22 <DIR> C:\Program Files\adobe
2005-03-22 23:03 <DIR> C:\Program Files\itsdeductibleex
2005-03-19 10:18 <DIR> C:\Documents and Settings\Dad\Application Data\msninstaller
2005-03-14 00:02 <DIR> C:\Documents and Settings\Dad\Application Data\motive
2005-03-04 20:11 <DIR> C:\Program Files\Common Files\aolshare
2005-03-04 18:54 <DIR> C:\Program Files\Common Files\motive
2005-02-26 15:18 <DIR> C:\Program Files\motive
2005-02-26 15:17 <DIR> C:\Program Files\verizon online
2005-02-19 12:29 <DIR> C:\Program Files\msn
2005-02-17 21:20 <DIR> C:\Documents and Settings\Dad\Application Data\intuit
2005-02-15 21:19 <DIR> C:\Program Files\messenger
2005-01-10 18:46 <DIR> C:\Program Files\en espanol
2005-01-02 17:25 <DIR> C:\Program Files\atari
2004-12-27 13:24 <DIR> C:\Program Files\sony
2004-12-27 13:23 <DIR> C:\Program Files\Common Files\sony shared
2004-12-27 13:21 <DIR> C:\Program Files\Common Files\installshield
2004-12-26 23:24 <DIR> C:\Program Files\cyberlink
2004-12-26 16:43 <DIR> C:\Program Files\rio
2004-12-24 10:18 <DIR> C:\Program Files\photo story 3 for windows
2004-12-02 22:25 <DIR> C:\Program Files\screensaver.com
2004-10-19 09:34 <DIR> C:\Program Files\officeupdate11
2004-10-19 09:32 <DIR> C:\Program Files\Common Files\microsoft shared
2004-10-15 16:04 <DIR> C:\Program Files\ezface
2004-09-12 23:28 <DIR> C:\Program Files\kodak
2004-09-12 23:28 <DIR> C:\Program Files\Common Files\kodak
2004-09-12 23:02 <DIR> C:\Program Files\registry mechanic
2004-09-12 12:44 <DIR> C:\Program Files\movie maker
2004-09-12 12:38 <DIR> C:\Program Files\windows nt
2004-09-12 12:38 <DIR> C:\Program Files\netmeeting
2004-08-28 14:29 <DIR> C:\Program Files\lycos
2004-08-26 14:27 <DIR> C:\Documents and Settings\Dad\Application Data\msn6
2004-08-22 08:54 <DIR> C:\Program Files\microsoft picture it! 9
2004-08-22 08:54 <DIR> C:\Program Files\microsoft office outlook connector for msn
2004-08-22 08:52 <DIR> C:\Program Files\design science
2004-08-22 08:50 <DIR> C:\Program Files\msn messenger
2004-08-17 09:15 <DIR> C:\Program Files\windowsupdate
2004-08-16 19:34 <DIR> C:\Program Files\typingmaster
2004-08-15 14:15 <DIR> C:\Program Files\uninstall information
2004-07-18 16:21 <DIR> C:\Program Files\symnetdrv
2004-07-08 15:16 <DIR> C:\Program Files\Common Files\swf studio
2004-07-01 15:53 <DIR> C:\Program Files\dx-ball
2004-06-22 07:52 <DIR> C:\Program Files\creative
2004-06-21 23:56 <DIR> C:\Program Files\cosmi
2004-05-18 09:43 <DIR> C:\Program Files\broderbund
2004-05-12 22:34 <DIR> C:\Program Files\panicware
2004-05-06 20:55 <DIR> C:\Program Files\greetings workshop
2004-04-22 20:02 <DIR> C:\Program Files\kazaa
2004-04-22 20:01 <DIR> C:\Program Files\return to castle wolfenstein
2004-03-19 00:16 <DIR> C:\Documents and Settings\Dad\Application Data\identities
2004-03-12 18:19 <DIR> C:\Program Files\sierra on-line
2004-01-17 09:58 <DIR> C:\Program Files\Common Files\intuit
2004-01-05 18:45 <DIR> C:\Program Files\dreamworks interactive
2003-11-14 22:08 <DIR> C:\Program Files\electronic arts
2003-11-14 22:05 <DIR> C:\Program Files\maxis
2003-11-12 23:11 <DIR> C:\Program Files\learn typing quick & easy
2003-11-02 15:18 <DIR> C:\Program Files\Common Files\verizon online
2003-10-13 21:09 <DIR> C:\Program Files\britannica
2003-10-13 21:07 <DIR> C:\Program Files\javasoft
2003-10-10 22:35 <DIR> C:\Documents and Settings\Dad\Application Data\arcsoft
2003-10-03 15:16 <DIR> C:\Program Files\arcsoft
2003-08-18 15:13 <DIR> C:\Program Files\pocket tanks
2003-07-11 13:14 <DIR> C:\Program Files\Common Files\broderbund
2003-07-11 13:11 <DIR> C:\Program Files\Common Files\borland shared
2003-05-29 18:33 <DIR> C:\Program Files\Common Files\nullsoft
2003-05-26 21:39 <DIR> C:\Documents and Settings\Dad\Application Data\help
2003-05-26 21:38 <DIR> C:\Program Files\hp deskjet 960c series
2003-03-09 00:02 <DIR> C:\Program Files\phonetools
2003-03-02 13:24 <DIR> C:\Program Files\intuit
2003-03-01 20:52 <DIR> C:\Documents and Settings\Dad\Application Data\share-to-web upload folder
2002-12-31 12:04 <DIR> C:\Program Files\3do
2002-12-29 11:30 <DIR> C:\Program Files\microsoft games
2002-12-28 00:24 <DIR> C:\Program Files\aftrbrnr
2002-11-30 08:44 <DIR> C:\Program Files\Common Files\real
2002-11-30 08:44 <DIR> C:\Program Files\Common Files\aol
2002-10-18 17:41 <DIR> C:\Program Files\pcfriendly
2002-09-03 16:41 <DIR> C:\Program Files\disney interactive
2002-08-30 22:33 <DIR> C:\Program Files\small rockets
2002-08-10 14:59 <DIR> C:\Program Files\eacom
2002-05-26 20:18 <DIR> C:\Program Files\directx
2002-04-07 19:45 <DIR> C:\Program Files\hasbro
2002-03-10 17:08 <DIR> C:\Program Files\microsoft encarta
2002-02-10 18:13 <DIR> C:\Program Files\trellix corporation
2002-02-10 18:12 <DIR> C:\Program Files\Common Files\efax
2002-02-10 18:08 <DIR> C:\Program Files\Common Files\hewlett-packard
2002-02-02 19:09 <DIR> C:\Program Files\interactual
2002-02-01 23:23 <DIR> C:\Program Files\accolade
2002-02-01 00:11 <DIR> C:\Program Files\won
2002-01-30 20:23 <DIR> C:\Program Files\dxball2
2002-01-27 16:38 <DIR> C:\Program Files\real
2002-01-23 13:19 <DIR> C:\Program Files\mspress
2002-01-23 13:19 <DIR> C:\Program Files\microsoft visual studio
2002-01-23 13:19 <DIR> C:\Program Files\microsoft activesync
2002-01-23 13:15 <DIR> C:\Program Files\xerox
2002-01-23 13:15 <DIR> C:\Program Files\microsoft office
2002-01-23 13:15 <DIR> C:\Program Files\microsoft frontpage
2002-01-23 13:14 <DIR> C:\Program Files\msn gaming zone
2002-01-23 13:14 <DIR> C:\Program Files\complus applications
2002-01-23 13:14 <DIR> C:\Program Files\Common Files\services
2002-01-23 13:14 <DIR> C:\Program Files\Common Files\odbc
2002-01-23 13:14 <DIR> C:\Program Files\Common Files\mssoap
2002-01-23 13:14 <DIR> C:\Program Files\Common Files\l&h
2002-01-23 13:14 <DIR> C:\Program Files\Common Files\designer
2002-01-23 13:13 <DIR> C:\Program Files\Common Files\speechengines
2002-01-23 13:08 <DIR> C:\Program Files\sierra imaging
2002-01-23 13:08 <DIR> C:\Program Files\musicmatch
2002-01-23 13:04 <DIR> C:\Program Files\modem helper
2002-01-23 13:02 <DIR> C:\Program Files\Common Files\adaptec shared
2002-01-23 13:02 <DIR> C:\Program Files\adaptec


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-18 22:28 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-07-18 22:28 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-07-18 22:28 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-07-18 22:28 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-07-18 22:28 59,384 C:\WINDOWS\system32\vswmi.dll
2006-07-18 22:28 394,872 C:\WINDOWS\system32\vsdatant.sys
2006-07-18 22:28 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-07-18 22:28 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-07-18 22:28 100,344 C:\WINDOWS\system32\vsxml.dll
2006-07-18 22:25 83,960 C:\WINDOWS\system32\vsdata.dll
2006-07-18 22:25 440,312 C:\WINDOWS\system32\vsutil.dll
2006-07-18 22:25 157,688 C:\WINDOWS\system32\vsinit.dll
2006-07-18 14:26 53,346 C:\WINDOWS\system32\javaw.exe
2006-07-18 14:26 49,248 C:\WINDOWS\system32\java.exe
2006-07-18 14:26 127,078 C:\WINDOWS\system32\javaws.exe
2006-07-18 13:49 267,468,800 C:\hiberfil.sys
2006-07-11 23:05 32,768 C:\WINDOWS\dcybdwdl.exe
2006-07-08 10:42 38,941 C:\wd7gi8nnew.exe
2006-07-05 19:24 183,296 C:\WINDOWS\NDNuninstall7_22.exe
2006-07-05 19:22 280,000 C:\WINDOWS\ybsfjua.exe
2006-07-05 19:22 1,063 C:\WINDOWS\system32\sqla2f9b.sys
2006-07-05 19:21 338 C:\WINDOWS\brylf.dll
2006-07-05 19:20 454,231 C:\visfx500new.exe
2006-07-05 19:19 12,288 C:\setup.exe
2006-06-19 16:39 139,264 C:\WINDOWS\876056.exe
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{A4CA8C59-0702-1033-1207-011022010001}"="\"C:\\Program Files\\Common Files\\{A4CA8C59-0702-1033-1207-011022010001}\\Update.exe\" mc-110-12-0000228"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\CONEXANT\\kyzetemy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00000000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Dell\\howy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00000000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"murk"="C:\\PROGRA~1\\COMMON~1\\murk\\murkm.exe"
"ykdwo"="C:\\WINDOWS\\system32\\dwsenx.exe reg_run"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{A4CA8C59-0702-1033-1207-011022010001}"="\"C:\\Program Files\\Common Files\\{A4CA8C59-0702-1033-1207-011022010001}\\Update.exe\" mc-110-12-0000228"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"murk"="C:\\PROGRA~1\\COMMON~1\\murk\\murkm.exe"
"ykdwo"="C:\\WINDOWS\\system32\\dwsenx.exe reg_run"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{A4CA8C59-0702-1033-1207-011022010001}"="\"C:\\Program Files\\Common Files\\{A4CA8C59-0702-1033-1207-011022010001}\\Update.exe\" mc-110-12-0000228"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
"backup"="C:\\WINDOWS\\pss\\Camio Viewer 2000.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SIERRA~1\\IMAGEE~1\\IXApplet.exe -s"
"item"="Camio Viewer 2000"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
"backup"="C:\\WINDOWS\\pss\\Forget Me Not.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BRODER~1\\AGCREA~1\\AGRemind.exe "
"item"="Forget Me Not"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkbMonitor.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\PICTUR~1\\NKBMON~1.EXE "
"item"="NkbMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkvMon.exe.lnkCommon Startup"
"location"="Common Startup"
"item"="NkvMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0O3u1m]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="0O3u1m"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0OOub]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="0OOub"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AHQInit"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AutoUpdate"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DELLMMKB"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\DELLMMKB.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dinst]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dinst"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farmmext]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="farmmext"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gdrtdai]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nqtoeqp"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H02qRPH2P]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fixntfy"
"hkey"="HKCU"
"command"="fixntfy.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hkxroeq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xacucwl"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb04"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd08"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HzybJKBmm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HzybJKBmm"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igoDdjMXv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igoDdjMXv"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPClient"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Verizon Online\\Visual IP InSight\\IPClient.exe\" -l"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPMon32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Verizon Online\\Visual IP InSight\\IPMon32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kTBGfenF]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kTBGfenF"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lwfqkwf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bxgbdd"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mdpbixo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bbyfea"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrklpqk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vrvkxh"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\N]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="N"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapw32"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgwiz"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\opmjfv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ugbklik"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pk"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qxkweho]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vedraov"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rwssr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spcgrhx"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDSQA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDSQA"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tjlpfa]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tjlpfa"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tK29hCB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tK29hCB"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uvxtxoq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="crprfv"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wupdt"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinAdCtl"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Y1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Y1"
"hkey"="HKLM"
"inimapping"="0"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Brian.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Dad.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Symantec Drmc.job

Completion time: Wed 07/19/2006 14:18:35.75
ComboFix ver 06.07.19.2 - This logfile is located at C:\ComboFix.txt

ComboFix.txt

I had a problem and was unable to save the first ewido logfile, but I know it found several threats and successfully quarantined them all (including, it appears, SurfSideKick and Trojan.StartPage). I ran a subsequent ewido scan and was then able to figure out how to save the report for that second scan. HERE IS THE 2nd EWIDO LOGFILE.

Thanks!
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:10:57 AM 7/20/2006

+ Scan result:



:mozilla.23:C:\RECYCLER\NPROTECT\00011613.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.23:C:\RECYCLER\NPROTECT\00011773.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.23:C:\RECYCLER\NPROTECT\00012423.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.24:C:\RECYCLER\NPROTECT\00011766.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00011774.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00011777.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00011778.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00011780.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00011781.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00012122.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00012305.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00012306.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00012307.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00012312.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00012319.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00012408.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00012424.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00012426.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00012427.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00012429.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00013083.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00013084.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00013085.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00013086.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00013089.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.26:C:\RECYCLER\NPROTECT\00013090.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.26:C:\RECYCLER\NPROTECT\00013095.MOZ -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.105:C:\RECYCLER\NPROTECT\00011773.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.105:C:\RECYCLER\NPROTECT\00012423.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.106:C:\RECYCLER\NPROTECT\00011613.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.106:C:\RECYCLER\NPROTECT\00011766.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00011774.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00011777.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00011778.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00011780.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00011781.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00012122.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00012305.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00012306.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00012307.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00012312.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00012319.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00012408.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00012424.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00012426.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00012427.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00012429.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00013083.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00013084.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00013085.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00013086.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\RECYCLER\NPROTECT\00013089.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.108:C:\RECYCLER\NPROTECT\00013090.MOZ -> TrackingCookie.Googleadservi

#8 pomp

Posted 20 July 2006 - 03:48 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, click "Next".
    • Choose "Custom", then click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install".
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


My help in removing spyware is free, but if you'd like to donate: Donate



PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD


#9 mad4lax

Posted 20 July 2006 - 07:32 PM

Here are the contents of the SpySweeper session log....thanks.

8:32 PM: Removal process completed. Elapsed time 00:22:52
8:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST284.tmp". Reason: The system cannot find the file specified
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1010\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (ID = 125589)
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1010\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (ID = 125589)
7:20 PM: Found Adware: webrebates
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1010\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
7:20 PM: Found Adware: ebates money maker
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1011\software\tbonas\ (ID = 1184824)
7:20 PM: Found Adware: directrevenue-thebestoffersnetwork
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1011\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
7:20 PM: Found Adware: sidesearch
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1011\software\aurora\ (ID = 360174)
7:20 PM: Found Adware: directrevenue-abetterinternet
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1011\software\microsoft\internet explorer\main\ || updater (ID = 146721)
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1011\software\microsoft\internet explorer\main\ || updater2 (ID = 146720)
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1011\software\microsoft\internet explorer\menuext\rebate nation\ (ID = 139274)
7:20 PM: Found Adware: rebatenation
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1011\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
7:20 PM: Found Adware: mirar webband
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1011\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1011\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
7:20 PM: HKU\WRSS_Profile_S-1-5-21-2731309904-4258192708-1256799619-1011\software\esyn\ (ID = 125844)
7:20 PM: Found Adware: esyndicate bho
7:20 PM: HKU\S-1-5-21-2731309904-4258192708-1256799619-1012\software\microsoft\internet explorer\toolbar\webbrowser\ || {cbcc61fa-0221-4ccc-b409-cee865caca3a} (ID = 1530952)
7:20 PM: HKU\S-1-5-21-2731309904-4258192708-1256799619-1012\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
7:20 PM: Found Adware: drsnsrch.com hijack
7:20 PM: HKLM\software\classes\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (ID = 1530980)
7:20 PM: HKCR\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (ID = 1530936)
7:20 PM: Found Adware: maxifiles
7:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\treewood\ (ID = 1352578)
7:20 PM: Found Adware: forethought
7:20 PM: HKLM\software\classes\typelib\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347961)
7:20 PM: HKLM\software\classes\clsid\{7564b020-44e8-4c9b-a887-c6ec41ac67da}\ (ID = 1347946)
7:20 PM: HKLM\software\classes\appid\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347932)
7:20 PM: HKLM\software\classes\appid\cfg32s.dll\ (ID = 1347930)
7:20 PM: HKCR\typelib\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347910)
7:20 PM: HKCR\clsid\{7564b020-44e8-4c9b-a887-c6ec41ac67da}\ (ID = 1347895)
7:20 PM: HKCR\appid\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347881)
7:20 PM: HKCR\appid\cfg32s.dll\ (ID = 1347879)
7:20 PM: Found Adware: bookedspace
7:20 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm81.ocx\ (ID = 762354)
7:20 PM: Found Adware: elitemediagroup-mediamotor
7:20 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
7:20 PM: Found Adware: findthewebsiteyouneed hijack
7:19 PM: HKLM\software\classes\appid\winaffiliatebho.dll\ (ID = 146699)
7:19 PM: HKCR\appid\winaffiliatebho.dll\ (ID = 146688)
7:19 PM: Found Adware: wildmedia
7:19 PM: HKU\.default\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127909)
7:19 PM: Found Adware: ie driver
7:19 PM: Starting Registry Sweep
7:19 PM: Memory Sweep Complete, Elapsed Time: 00:02:30
7:16 PM: Starting Memory Sweep
7:16 PM: Sweep initiated using definitions version 723
7:16 PM: Spy Sweeper 5.0.5.1286 started
7:16 PM: | Start of Session, Thursday, July 20, 2006 |
********
7:16 PM: | End of Session, Thursday, July 20, 2006 |
7:13 PM: Your spyware definitions have been updated.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
7:11 PM: Shield States
7:10 PM: Spyware Definitions: 691
7:10 PM: Spy Sweeper 5.0.5.1286 started
7:10 PM: Spy Sweeper 5.0.5.1286 started
7:10 PM: | Start of Session, Thursday, July 20, 2006 |
********

#10 pomp

Malware Fighter

Posted 20 July 2006 - 07:47 PM

Please restart your computer if you haven't since the Spy Sweeper scan... then scan with HijackThis and post the logfile.


My help in removing spyware is free, but if you'd like to donate: Donate



PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD


#11 mad4lax

Posted 21 July 2006 - 05:52 PM

Here is the HijackThis logfile after completing the Spy Sweeper scan... thanks!

Logfile of HijackThis v1.99.1
Scan saved at 6:54:39 PM, on 7/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/resources/neutral/co...d.cab?9,0,917,0
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = verizon.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.com
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#12 pomp

Posted 21 July 2006 - 06:04 PM

Your log is clean! :thumbsup:

Since your issues have been addressed and you are ready to travel the net again, I will just give you a few ideas on how to stay safe out there. Best of all, these programs are all readily available on the net for free :flowers:

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:

Spyware Blaster Spyware Guard

Might I suggest the following Free Spyware programs for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE--Adaware Tutorial

Spybot S&D--Spybot Tutorial

Antiviruses play an important role in keeping your computer safe and worry free while using the net. *NOTE* Only one antivirus must be allowed to run on your computer, as having two or more running can and will cause conflicts.

AVG Avast

Firewalls are also a must in any good prevention:

Zone Alarm Tiny Personal Firewall

There are different browsers available on the net other than Internet Explorer. We believe these are better for security purposes:

Firefox Opera

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

This can be accessed by going to Windows Updates and following the prompts.

And finally a little "How did I get infected in the first place?" (by Mr. Tony Klein)

Good luck and safe surfing :huh:




#13 mad4lax

Posted 21 July 2006 - 07:57 PM

Thank you so much! I will definitely implement your suggestions! This web site has been great and will be a fantastic resource for me going forward.

#14 pomp

Posted 21 July 2006 - 08:35 PM

Glad I could help!!..Take care.

This topic is now closed.

