Hijackthis Log: Please Help Diagnose


  • This topic is locked
5 replies to this topic

#1 Blah...


Posted 23 July 2006 - 09:23 AM

Logfile of HijackThis v1.99.1
Scan saved at 15:17:50, on 23/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\vsnpstd2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\DOCUME~1\Matthew\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146927580148
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: bw+0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {ABDADD95-4EF4-4F81-A83D-740E92D45A13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



Problems with getting rid of Spyheal and Antivirus gold, both of which are unwanted spyware/adware.

Edited by Blah..., 23 July 2006 - 09:26 AM.



#2 Buckeye_Sam

    Malware Expert



Posted 25 July 2006 - 08:11 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:


Can you post the log from Spysweeper so I can see what it is detecting?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Blah...


Posted 25 July 2006 - 09:35 AM

15:32: Removal process completed. Elapsed time 00:00:01
15:32: Quarantining All Traces: mediaplex cookie
15:32: Quarantining All Traces: fastclick cookie
15:32: Quarantining All Traces: burstnet cookie
15:32: Quarantining All Traces: atlas dmt cookie
15:32: Quarantining All Traces: 2o7.net cookie
15:32: Quarantining All Traces: 247realmedia cookie
15:32: Removal process initiated
15:01: Traces Found: 9
15:01: Full Sweep has completed. Elapsed time 00:14:38
15:01: File Sweep Complete, Elapsed Time: 00:12:22
15:01: Warning: Failed to access drive I:
15:01: Warning: Failed to access drive H:
15:01: Warning: Failed to access drive G:
15:01: Warning: Failed to access drive F:
14:58: Warning: Failed to access drive D:
14:57: Warning: Failed to open file "c:\program files\logitech\desktop messenger\8876480\users\matthew\data\d0000000.fcs". The operation completed successfully
14:49: Starting File Sweep
14:49: Cookie Sweep Complete, Elapsed Time: 00:00:01
14:49: c:\documents and settings\david\cookies\david@atdmt[2].txt (ID = 2253)
14:49: c:\documents and settings\matthew\cookies\matthew@www.burstnet[2].txt (ID = 2337)
14:49: c:\documents and settings\matthew\cookies\matthew@msnportal.112.2o7[1].txt (ID = 1958)
14:49: c:\documents and settings\matthew\cookies\matthew@mediaplex[1].txt (ID = 6442)
14:49: Found Spy Cookie: mediaplex cookie
14:49: c:\documents and settings\matthew\cookies\matthew@fastclick[2].txt (ID = 2651)
14:49: Found Spy Cookie: fastclick cookie
14:49: c:\documents and settings\matthew\cookies\matthew@burstnet[2].txt (ID = 2336)
14:49: Found Spy Cookie: burstnet cookie
14:49: c:\documents and settings\matthew\cookies\matthew@atdmt[1].txt (ID = 2253)
14:49: Found Spy Cookie: atlas dmt cookie
14:49: c:\documents and settings\matthew\cookies\matthew@2o7[2].txt (ID = 1957)
14:49: Found Spy Cookie: 2o7.net cookie
14:49: c:\documents and settings\matthew\cookies\matthew@247realmedia[1].txt (ID = 1953)
14:49: Found Spy Cookie: 247realmedia cookie
14:49: Starting Cookie Sweep
14:49: Registry Sweep Complete, Elapsed Time:00:00:28
14:48: Starting Registry Sweep
14:48: Memory Sweep Complete, Elapsed Time: 00:01:40
14:46: Starting Memory Sweep
14:46: Sweep initiated using definitions version 724
14:46: Spy Sweeper 5.0.5.1286 started
14:46: | Start of Session, 25 July 2006 |
********
14:46: | End of Session, 25 July 2006 |
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:14: Shield States
12:14: Spyware Definitions: 724
12:13: Spy Sweeper 5.0.5.1286 started
20:04: Your definitions are up to date.
20:04: Automated check for program update in progress.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
20:03: Shield States
20:03: Spyware Definitions: 724
20:03: Spy Sweeper 5.0.5.1286 started
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
13:02: Shield States
13:02: Spyware Definitions: 724
13:01: Spy Sweeper 5.0.5.1286 started
12:20: | End of Session, 24 July 2006 |
12:19: Removal process completed. Elapsed time 00:00:01
12:19: Quarantining All Traces: statcounter cookie
12:19: Quarantining All Traces: 2o7.net cookie
12:19: Quarantining All Traces: fastclick cookie
12:19: Quarantining All Traces: burstnet cookie
12:19: Quarantining All Traces: atlas dmt cookie
12:19: Quarantining All Traces: advertising cookie
12:19: Removal process initiated
12:19: Traces Found: 7
12:19: Full Sweep has completed. Elapsed time 00:12:48
12:19: File Sweep Complete, Elapsed Time: 00:10:48
12:19: Warning: Failed to access drive I:
12:19: Warning: Failed to access drive H:
12:19: Warning: Failed to access drive G:
12:19: Warning: Failed to access drive F:
12:19: Warning: Failed to access drive E:
12:19: Warning: Failed to access drive D:
12:18: Warning: Failed to open file "c:\documents and settings\matthew\local settings\application data\microsoft\messenger\matthewedwards89@hotmail.co.uk\sharingmetadata\pending.dat". The operation completed successfully
12:18: Warning: Failed to open file "c:\documents and settings\matthew\local settings\application data\microsoft\messenger\matthewedwards89@hotmail.co.uk\sharingmetadata\infected.dat". The operation completed successfully
12:17: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temp\~df235c.tmp". The operation completed successfully
12:17: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temp\~dfbadb.tmp". The operation completed successfully
12:17: Warning: Failed to open file "c:\program files\logitech\desktop messenger\8876480\users\matthew\data\d0000000.fcs". The operation completed successfully
12:17: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\w5q74tu7\emap[2].wvx". The operation completed successfully
12:08: Starting File Sweep
12:08: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:08: c:\documents and settings\matthew\cookies\matthew@www.burstnet[1].txt (ID = 2337)
12:08: c:\documents and settings\matthew\cookies\matthew@statcounter[1].txt (ID = 3447)
12:08: Found Spy Cookie: statcounter cookie
12:08: c:\documents and settings\matthew\cookies\matthew@msnportal.112.2o7[1].txt (ID = 1958)
12:08: Found Spy Cookie: 2o7.net cookie
12:08: c:\documents and settings\matthew\cookies\matthew@fastclick[1].txt (ID = 2651)
12:08: Found Spy Cookie: fastclick cookie
12:08: c:\documents and settings\matthew\cookies\matthew@burstnet[2].txt (ID = 2336)
12:08: Found Spy Cookie: burstnet cookie
12:08: c:\documents and settings\matthew\cookies\matthew@atdmt[2].txt (ID = 2253)
12:08: Found Spy Cookie: atlas dmt cookie
12:08: c:\documents and settings\matthew\cookies\matthew@advertising[1].txt (ID = 2175)
12:08: Found Spy Cookie: advertising cookie
12:08: Starting Cookie Sweep
12:08: Registry Sweep Complete, Elapsed Time:00:00:27
12:08: Starting Registry Sweep
12:08: Memory Sweep Complete, Elapsed Time: 00:01:25
12:06: Starting Memory Sweep
12:06: Sweep initiated using definitions version 724
12:06: Spy Sweeper 5.0.5.1286 started
12:06: | Start of Session, 24 July 2006 |
********
12:33: Removal process completed. Elapsed time 00:00:00
12:33: Quarantining All Traces: tradedoubler cookie
12:33: Removal process initiated
12:33: Traces Found: 1
12:33: Full Sweep has completed. Elapsed time 00:12:41
12:33: File Sweep Complete, Elapsed Time: 00:10:24
12:32: Warning: Failed to access drive I:
12:32: Warning: Failed to access drive H:
12:32: Warning: Failed to access drive G:
12:32: Warning: Failed to access drive F:
12:32: Warning: Failed to access drive E:
12:32: Warning: Failed to access drive D:
12:31: Warning: Failed to open file "c:\documents and settings\matthew\local settings\application data\microsoft\messenger\matthewedwards89@hotmail.co.uk\sharingmetadata\pending.dat". The operation completed successfully
12:31: Warning: Failed to open file "c:\documents and settings\matthew\local settings\application data\microsoft\messenger\matthewedwards89@hotmail.co.uk\sharingmetadata\infected.dat". The operation completed successfully
12:30: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temp\~df235c.tmp". The operation completed successfully
12:30: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temp\~dfbadb.tmp". The operation completed successfully
12:30: Warning: Failed to open file "c:\program files\logitech\desktop messenger\8876480\users\matthew\data\d0000000.fcs". The operation completed successfully
12:23: Starting File Sweep
12:22: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:22: c:\documents and settings\matthew\cookies\matthew@tradedoubler[1].txt (ID = 3575)
12:22: Found Spy Cookie: tradedoubler cookie
12:22: Starting Cookie Sweep
12:22: Registry Sweep Complete, Elapsed Time:00:00:31
12:22: Starting Registry Sweep
12:22: Memory Sweep Complete, Elapsed Time: 00:01:38
12:20: Starting Memory Sweep
12:20: Sweep initiated using definitions version 724
12:20: Spy Sweeper 5.0.5.1286 started
12:20: | Start of Session, 24 July 2006 |
********
12:47: Deletion from quarantine completed. Elapsed time 00:00:00
12:47: Processing: tradedoubler cookie
12:47: Processing: atlas dmt cookie
12:47: Processing: statcounter cookie
12:47: Processing: 2o7.net cookie
12:47: Processing: burstnet cookie
12:47: Processing: burstnet cookie
12:47: Processing: advertising cookie
12:47: Processing: fastclick cookie
12:47: Deletion from quarantine initiated
12:46: None
12:46: Traces Found: 1
12:46: File Sweep Complete, Elapsed Time: 00:09:53
12:46: Sweep Canceled
12:36: Starting File Sweep
12:36: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:36: c:\documents and settings\matthew\cookies\matthew@247realmedia[1].txt (ID = 1953)
12:36: Found Spy Cookie: 247realmedia cookie
12:36: Starting Cookie Sweep
12:36: Registry Sweep Complete, Elapsed Time:00:00:29
12:36: Starting Registry Sweep
12:36: Memory Sweep Complete, Elapsed Time: 00:01:38
12:34: Starting Memory Sweep
12:34: Sweep initiated using definitions version 724
12:34: Spy Sweeper 5.0.5.1286 started
12:34: | Start of Session, 24 July 2006 |
********
12:06: | End of Session, 24 July 2006 |
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:54: Shield States
11:54: Spyware Definitions: 724
11:53: Spy Sweeper 5.0.5.1286 started
16:54: Your definitions are up to date.
16:54: Automated check for program update in progress.
Operation: File Access
Target:
Source: C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
16:20: Tamper Detection
15:03: Deletion from quarantine completed. Elapsed time 00:00:00
15:03: Processing: atlas dmt cookie
15:03: Processing: statcounter cookie
15:03: Processing: 2o7.net cookie
15:03: Processing: tribalfusion cookie
15:03: Processing: fastclick cookie
15:03: Processing: fastclick cookie
15:03: Processing: mediaplex cookie
15:03: Processing: antivirus gold
15:03: Processing: antivirus gold
15:03: Deletion from quarantine initiated
15:03: Removal process completed. Elapsed time 00:00:01
15:03: Quarantining All Traces: tribalfusion cookie
15:03: Quarantining All Traces: statcounter cookie
15:03: Quarantining All Traces: 2o7.net cookie
15:03: Quarantining All Traces: mediaplex cookie
15:03: Quarantining All Traces: fastclick cookie
15:03: Quarantining All Traces: atlas dmt cookie
15:03: Removal process initiated
15:02: Traces Found: 7
15:02: Full Sweep has completed. Elapsed time 00:20:23
15:02: File Sweep Complete, Elapsed Time: 00:16:37
15:02: Warning: Failed to access drive I:
15:02: Warning: Failed to access drive H:
15:02: Warning: Failed to access drive G:
15:02: Warning: Failed to access drive F:
15:02: Warning: Failed to access drive E:
15:02: Warning: Failed to access drive D:
15:02: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\log\log_2006_07_22_19_29_05.log". The operation completed successfully
15:02: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\log\log_2006_07_22_19_29_04.log". The operation completed successfully
15:02: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\log\log_2006_07_22_18_50_21.log". The operation completed successfully
15:02: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\log\log_2006_07_22_19_33_06.log". The operation completed successfully
15:02: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\log\log_2006_07_22_16_57_20.log". The operation completed successfully
15:02: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\log\log_2006_07_22_16_24_06.log". The operation completed successfully
15:02: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\log\log_2006_07_22_13_53_37.log". The operation completed successfully
15:01: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc17\f1 2002 work in progress demo\save\matthew edwards\matthew edwards.gal". The operation completed successfully
15:01: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc17\f1 2002 work in progress demo\save\matthew edwards\matthew edwards.dsr". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\ebav6hiv\dl_fromoursponsors_fff[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\cvt3ayrd\headline_users_rating[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\hf7v9x8e\headline_editors_rating[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\mpla76lw\headline_pub_info[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\ebav6hiv\todays-players[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\mpla76lw\guild_blank[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\w5ibwpuf\guild-focus[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\shmngxar\guide-icon[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\hf7v9x8e\qna[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\cvt3ayrd\faq[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\etm345qf\online[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\databasenew.ref". The operation completed successfully
15:01: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\settings\selectedfolders.stg". The operation completed successfully
15:01: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\settings\ignorelist.stg". The operation completed successfully
15:01: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\settings\customscan.stg". The operation completed successfully
15:01: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\settings\settings.stg". The operation completed successfully
15:01: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\settings\scaninfo.stg". The operation completed successfully
15:01: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\log\log_2006_07_22_13_26_51.log". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\890h6nwp\bg_head[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\w5q74tu7\boxbg[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\gzjfyslp\m3[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\etm345qf\m2[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\efxnz50w\caotkrap.htm". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\012jw1in\games_icon_w[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\hf7v9x8e\a[1].aspx". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\cvt3ayrd\xoftspy[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\hf7v9x8e\item1[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\efxnz50w\download_icon%201%20[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\gzjfyslp\a[1].aspx". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\cvt3ayrd\site-wn[1].css". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\w5q74tu7\al[1].htm". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\shmngxar\al[1].htm". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\ebav6hiv\al[1].htm". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\hf7v9x8e\cagdqvwt.htm". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\shmngxar\catalog[1].css". The operation completed successfully
15:01: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\log\log_2006_07_22_15_44_26.log". The operation completed successfully
15:01: Warning: Failed to open file "c:\recycler\s-1-5-21-4093819201-2767258274-3353051894-1008\dc5\log\log_2006_07_22_16_38_40.log". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\mpla76lw\app_bl_white_22x28[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\gzjfyslp\btn_advanced_off_68x19[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\efxnz50w\btn_basic_on_68x19[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\mpla76lw\app_tab_left_white_22x43[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\ebav6hiv\app_tl_white_22x43[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\ebav6hiv\main[1].css". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\w5q74tu7\lgo_1col_shopping_com[1].gif". The operation completed successfully
15:01: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\012jw1in\icn_hor_pis[1].gif". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\shmngxar\al[2].htm". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\cvt3ayrd\al[1].htm". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\cookies\matthew@www.bleepingcomputer[2].txt". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\hf7v9x8e\al[1].htm". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\gzjfyslp\front[1].asp". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\ebav6hiv\al[2].htm". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\etm345qf\casluvwb.jsp". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\890h6nwp\lastpost[1].gif". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\w5ibwpuf\exp_minus[1].gif". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\cvt3ayrd\exp_plus[1].gif". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\w5ibwpuf\cs_email[1].gif". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\012jw1in\nav_m[1].gif". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\gzjfyslp\nav[1].gif". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\gzjfyslp\rss[1].gif". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\cvt3ayrd\site=ntlworld&pos=bottom&size=richmedia&channel=home&subchannel=&pagename=index&tile=15253649ord=15253649[1]". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\hf7v9x8e\site=ntlworld&pos=topbutton&size=button&channel=home&subchannel=&pagename=index&tile=15253649ord=15253649[1]". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\mpla76lw\site=ntlworld&pos=textlink1&size=textlink&channel=home&subchannel=&pagename=index&tile=15253649ord=15253649[1]". The operation completed successfully
15:00: Warning: Failed to open file "c:\documents and settings\matthew\local settings\temporary internet files\content.ie5\efxnz50w\download;sz=300x250;ptile=1;dcopt=ist;ord=2006.07.23.13.06[1].43". The operation completed successfully
15:00: Warning: Failed to open file "c:\program files\logitech\desktop messenger\8876480\users\matthew\data\d0000000.fcs". The operation completed successfully
14:46: Starting File Sweep
14:46: Cookie Sweep Complete, Elapsed Time: 00:00:02
14:46: c:\documents and settings\matthew\cookies\matthew@tribalfusion[1].txt (ID = 3589)
14:46: Found Spy Cookie: tribalfusion cookie
14:46: c:\documents and settings\matthew\cookies\matthew@statcounter[1].txt (ID = 3447)
14:46: Found Spy Cookie: statcounter cookie
14:46: c:\documents and settings\matthew\cookies\matthew@msnportal.112.2o7[1].txt (ID = 1958)
14:46: Found Spy Cookie: 2o7.net cookie
14:46: c:\documents and settings\matthew\cookies\matthew@mediaplex[1].txt (ID = 6442)
14:46: Found Spy Cookie: mediaplex cookie
14:46: c:\documents and settings\matthew\cookies\matthew@media.fastclick[1].txt (ID = 2652)
14:46: c:\documents and settings\matthew\cookies\matthew@fastclick[2].txt (ID = 2651)
14:46: Found Spy Cookie: fastclick cookie
14:46: c:\documents and settings\matthew\cookies\matthew@atdmt[1].txt (ID = 2253)
14:46: Found Spy Cookie: atlas dmt cookie
14:46: Starting Cookie Sweep
14:46: Registry Sweep Complete, Elapsed Time:00:00:45
14:45: Starting Registry Sweep
14:45: Memory Sweep Complete, Elapsed Time: 00:02:48
14:42: Starting Memory Sweep
14:42: Sweep initiated using definitions version 724
14:42: Spy Sweeper 5.0.5.1286 started
14:42: | Start of Session, 23 July 2006 |
********
14:42: | End of Session, 23 July 2006 |
14:10: BHO Shield: found: iesdsg.dll-- BHO installation allowed at user request
14:10: BHO Shield: found: -- BHO installation allowed at user request
14:10: BHO Shield: found: iesdpb.dll-- BHO installation allowed at user request
Operation: File Access
Target:
Source: C:\WINDOWS\EXPLORER.EXE
13:49: Tamper Detection
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
13:18: Tamper Detection
Operation: File Access
Target:
Source: C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
13:16: Tamper Detection
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
13:06: Shield States
13:06: Spyware Definitions: 724
13:06: Spy Sweeper 5.0.5.1286 started
Operation: File Access
Target:
Source: C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNTHREATENGINE.EXE
12:39: Tamper Detection
11:40: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\avg2109[2].ssq". The process cannot access the file because it is being used by another process
11:40: Spy Installation Shield: found: Adware: antivirus gold, version 1.0.0.0
11:40: Spy Installation Shield: found: Adware: antivirus gold, version 1.0.0.0
11:40: Spy Installation Shield: found: Adware: antivirus gold, version 1.0.0.0
11:40: Spy Installation Shield: found: Adware: antivirus gold, version 1.0.0.0
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:08: Shield States
11:08: Spyware Definitions: 724
Operation: File Access
Target:
Source: C:\PROGRA~1\MCAFEE.COM\VSO\MCSHIELD.EXE
11:08: Tamper Detection
11:08: Spy Sweeper 5.0.5.1286 started
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:38: Shield States
10:37: Spyware Definitions: 724
10:37: Spy Sweeper 5.0.5.1286 started
19:34: | End of Session, 22 July 2006 |
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
19:33: Shield States
19:33: Spyware Definitions: 724
19:33: Spy Sweeper 5.0.5.1286 started
19:29: | End of Session, 22 July 2006 |
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
19:29: Shield States
19:29: Spyware Definitions: 724
19:29: Spy Sweeper 5.0.5.1286 started
13:01: | End of Session, 22 July 2006 |
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
13:00: Shield States
13:00: Spyware Definitions: 691
12:59: Spy Sweeper 5.0.5.1286 started
12:59: Spy Sweeper 5.0.5.1286 started
12:59: | Start of Session, 22 July 2006 |
********
13:39: Automated check for program update in progress.
13:38: Traces Found: 228
13:38: Full Sweep has completed. Elapsed time 00:36:52
13:38: File Sweep Complete, Elapsed Time: 00:31:28
13:38: Warning: Failed to access drive I:
13:38: Warning: Failed to access drive H:
13:38: Warning: Failed to access drive G:
13:38: Warning: Failed to access drive F:
13:23: Warning: Failed to open file "c:\documents and settings\matthew\start menu\programs\spyheal\uninstall spyheal 2.1.lnk". The operation completed successfully
13:23: Warning: Failed to open file "c:\program files\spyheal\spyheal.url". The operation completed successfully
13:23: Warning: Failed to open file "c:\documents and settings\matthew\desktop\spyheal.lnk". The operation completed successfully
13:23: Warning: Failed to open file "c:\program files\logitech\desktop messenger\8876480\users\matthew\data\d0000000.fcs". The operation completed successfully
13:23: Warning: Failed to open file "c:\documents and settings\matthew\start menu\programs\antivirusgolden\uninstall antivirusgolden 3.3.lnk". The operation completed successfully
13:23: Warning: Failed to open file "c:\program files\antivirusgolden\antivirusgolden.url". The operation completed successfully
13:23: Warning: Failed to open file "c:\program files\antivirusgolden\scannerconfig.xml". The operation completed successfully
13:23: Warning: Failed to open file "c:\program files\antivirusgolden\generalconfig.xml". The operation completed successfully
13:22: Warning: Failed to read file "c:\documents and settings\matthew\desktop\spyheal_setup.exe". "c:\documents and settings\matthew\desktop\spyheal_setup.exe": File not found
13:12: Warning: Failed to read file "c:\program files\spyheal\blacklist.txt". "c:\program files\spyheal\blacklist.txt": File not found
13:11: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\spyheal\uninst.exe". "c:\program files\spyheal\uninst.exe": File not found
13:11: Warning: Failed to read file "c:\program files\spyheal\uninst.exe". "c:\program files\spyheal\uninst.exe": File not found
13:06: Starting File Sweep
13:06: Cookie Sweep Complete, Elapsed Time: 00:00:12
13:06: c:\documents and settings\david\cookies\david@serving-sys[2].txt (ID = 3343)
13:06: c:\documents and settings\david\cookies\david@sento.122.2o7[1].txt (ID = 1958)
13:06: c:\documents and settings\david\cookies\david@bs.serving-sys[2].txt (ID = 2330)
13:06: c:\documents and settings\david\cookies\david@atdmt[2].txt (ID = 2253)
13:06: c:\documents and settings\david\cookies\david@247realmedia[1].txt (ID = 1953)
13:06: c:\documents and settings\carolyn\cookies\carolyn@yadro[2].txt (ID = 3743)
13:06: Found Spy Cookie: yadro cookie
13:06: c:\documents and settings\carolyn\cookies\carolyn@www.myaffiliateprogram[1].txt (ID = 3032)
13:06: Found Spy Cookie: myaffiliateprogram.com cookie
13:06: c:\documents and settings\carolyn\cookies\carolyn@tribalfusion[2].txt (ID = 3589)
13:06: c:\documents and settings\carolyn\cookies\carolyn@tradedoubler[1].txt (ID = 3575)
13:06: c:\documents and settings\carolyn\cookies\carolyn@statse.webtrendslive[2].txt (ID = 3667)
13:06: c:\documents and settings\carolyn\cookies\carolyn@statcounter[2].txt (ID = 3447)
13:06: c:\documents and settings\carolyn\cookies\carolyn@stat.onestat[2].txt (ID = 3098)
13:06: Found Spy Cookie: onestat.com cookie
13:06: c:\documents and settings\carolyn\cookies\carolyn@serving-sys[1].txt (ID = 3343)
13:06: c:\documents and settings\carolyn\cookies\carolyn@server.iad.liveperson[1].txt (ID = 3341)
13:06: Found Spy Cookie: server.iad.liveperson cookie
13:06: c:\documents and settings\carolyn\cookies\carolyn@realmedia[2].txt (ID = 3235)
13:06: c:\documents and settings\carolyn\cookies\carolyn@qksrv[1].txt (ID = 3213)
13:06: c:\documents and settings\carolyn\cookies\carolyn@overture[2].txt (ID = 3105)
13:06: c:\documents and settings\carolyn\cookies\carolyn@mediaplex[2].txt (ID = 6442)
13:06: c:\documents and settings\carolyn\cookies\carolyn@media.fastclick[1].txt (ID = 2652)
13:06: c:\documents and settings\carolyn\cookies\carolyn@linksynergy[1].txt (ID = 2926)
13:06: Found Spy Cookie: linksynergy cookie
13:06: c:\documents and settings\carolyn\cookies\carolyn@hypertracker[2].txt (ID = 2817)
13:06: Found Spy Cookie: hypertracker.com cookie
13:06: c:\documents and settings\carolyn\cookies\carolyn@fastclick[1].txt (ID = 2651)
13:06: c:\documents and settings\carolyn\cookies\carolyn@edge.ru4[2].txt (ID = 3269)
13:06: c:\documents and settings\carolyn\cookies\carolyn@counter2.hitslink[2].txt (ID = 2790)
13:06: c:\documents and settings\carolyn\cookies\carolyn@bs.serving-sys[1].txt (ID = 2330)
13:06: Found Spy Cookie: bs.serving-sys cookie
13:06: c:\documents and settings\carolyn\cookies\carolyn@bluestreak[2].txt (ID = 2314)
13:06: c:\documents and settings\carolyn\cookies\carolyn@bizrate[1].txt (ID = 2308)
13:06: Found Spy Cookie: bizrate cookie
13:06: c:\documents and settings\carolyn\cookies\carolyn@a[1].txt (ID = 2027)
13:06: c:\documents and settings\carolyn\cookies\carolyn@atdmt[2].txt (ID = 2253)
13:06: c:\documents and settings\carolyn\cookies\carolyn@ask[1].txt (ID = 2245)
13:06: Found Spy Cookie: ask cookie
13:06: c:\documents and settings\carolyn\cookies\carolyn@apmebf[1].txt (ID = 2229)
13:06: c:\documents and settings\carolyn\cookies\carolyn@anm.co[1].txt (ID = 2223)
13:06: Found Spy Cookie: anm.co.uk cookie
13:06: c:\documents and settings\carolyn\cookies\carolyn@adviva[2].txt (ID = 2177)
13:06: c:\documents and settings\carolyn\cookies\carolyn@advertising[1].txt (ID = 2175)
13:06: c:\documents and settings\carolyn\cookies\carolyn@adtech[2].txt (ID = 2155)
13:06: c:\documents and settings\carolyn\cookies\carolyn@ads.pointroll[2].txt (ID = 3148)
13:06: c:\documents and settings\carolyn\cookies\carolyn@2o7[1].txt (ID = 1957)
13:06: c:\documents and settings\carolyn\cookies\carolyn@247realmedia[1].txt (ID = 1953)
13:06: c:\documents and settings\james\cookies\james@zedo[1].txt (ID = 3762)
13:06: c:\documents and settings\james\cookies\james@tradedoubler[2].txt (ID = 3575)
13:06: c:\documents and settings\james\cookies\james@statse.webtrendslive[2].txt (ID = 3667)
13:06: c:\documents and settings\james\cookies\james@statcounter[1].txt (ID = 3447)
13:06: c:\documents and settings\james\cookies\james@serving-sys[2].txt (ID = 3343)
13:06: c:\documents and settings\james\cookies\james@sel.as-us.falkag[1].txt (ID = 2650)
13:06: c:\documents and settings\james\cookies\james@questionmarket[1].txt (ID = 3217)
13:06: c:\documents and settings\james\cookies\james@perf.overture[1].txt (ID = 3106)
13:06: c:\documents and settings\james\cookies\james@msnportal.112.2o7[1].txt (ID = 1958)
13:06: c:\documents and settings\james\cookies\james@msninvite.112.2o7[1].txt (ID = 1958)
13:06: c:\documents and settings\james\cookies\james@microsofteup.112.2o7[1].txt (ID = 1958)
13:06: c:\documents and settings\james\cookies\james@mediaplex[1].txt (ID = 6442)
13:06: c:\documents and settings\james\cookies\james@media.fastclick[1].txt (ID = 2652)
13:06: c:\documents and settings\james\cookies\james@m.webtrends[2].txt (ID = 3669)
13:06: c:\documents and settings\james\cookies\james@fastclick[1].txt (ID = 2651)
13:06: c:\documents and settings\james\cookies\james@etype.adbureau[1].txt (ID = 2060)
13:06: Found Spy Cookie: adbureau cookie
13:06: c:\documents and settings\james\cookies\james@data2.perf.overture[1].txt (ID = 3106)
13:06: c:\documents and settings\james\cookies\james@bluestreak[1].txt (ID = 2314)
13:06: Found Spy Cookie: bluestreak cookie
13:06: c:\documents and settings\james\cookies\james@a[1].txt (ID = 2027)
13:06: c:\documents and settings\james\cookies\james@atdmt[2].txt (ID = 2253)
13:06: c:\documents and settings\james\cookies\james@as-us.falkag[2].txt (ID = 2650)
13:06: c:\documents and settings\james\cookies\james@adviva[2].txt (ID = 2177)
13:06: c:\documents and settings\james\cookies\james@adtech[2].txt (ID = 2155)
13:06: c:\documents and settings\james\cookies\james@adrevolver[2].txt (ID = 2088)
13:06: c:\documents and settings\james\cookies\james@adrevolver[1].txt (ID = 2088)
13:06: c:\documents and settings\james\cookies\james@2o7[2].txt (ID = 1957)
13:06: c:\documents and settings\james\cookies\james@247realmedia[1].txt (ID = 1953)
13:06: c:\documents and settings\sophie\cookies\sophie@zedo[1].txt (ID = 3762)
13:06: Found Spy Cookie: zedo cookie
13:06: c:\documents and settings\sophie\cookies\sophie@www.888[1].txt (ID = 2020)
13:06: c:\documents and settings\sophie\cookies\sophie@web4.realtracker[1].txt (ID = 3242)
13:06: Found Spy Cookie: realtracker cookie
13:06: c:\documents and settings\sophie\cookies\sophie@vdn.valuead[1].txt (ID = 3627)
13:06: Found Spy Cookie: valuead cookie
13:06: c:\documents and settings\sophie\cookies\sophie@tribalfusion[1].txt (ID = 3589)
13:06: Found Spy Cookie: tribalfusion cookie
13:06: c:\documents and settings\sophie\cookies\sophie@tradedoubler[1].txt (ID = 3575)
13:06: Found Spy Cookie: tradedoubler cookie
13:06: c:\documents and settings\sophie\cookies\sophie@tickle[1].txt (ID = 3529)
13:06: Found Spy Cookie: tickle cookie
13:06: c:\documents and settings\sophie\cookies\sophie@statse.webtrendslive[1].txt (ID = 3667)
13:06: Found Spy Cookie: webtrendslive cookie
13:06: c:\documents and settings\sophie\cookies\sophie@stats1.reliablestats[1].txt (ID = 3254)
13:06: Found Spy Cookie: reliablestats cookie
13:06: c:\documents and settings\sophie\cookies\sophie@statcounter[2].txt (ID = 3447)
13:06: Found Spy Cookie: statcounter cookie
13:06: c:\documents and settings\sophie\cookies\sophie@serving-sys[2].txt (ID = 3343)
13:06: Found Spy Cookie: serving-sys cookie
13:06: c:\documents and settings\sophie\cookies\sophie@sel.as-us.falkag[1].txt (ID = 2650)
13:06: c:\documents and settings\sophie\cookies\sophie@sel.as-eu.falkag[1].txt (ID = 2650)
13:06: c:\documents and settings\sophie\cookies\sophie@rotator.adjuggler[2].txt (ID = 2071)
13:06: Found Spy Cookie: adjuggler cookie
13:06: c:\documents and settings\sophie\cookies\sophie@realmedia[2].txt (ID = 3235)
13:06: Found Spy Cookie: realmedia cookie
13:06: c:\documents and settings\sophie\cookies\sophie@questionmarket[1].txt (ID = 3217)
13:06: Found Spy Cookie: questionmarket cookie
13:06: c:\documents and settings\sophie\cookies\sophie@qksrv[1].txt (ID = 3213)
13:06: Found Spy Cookie: qksrv cookie
13:06: c:\documents and settings\sophie\cookies\sophie@perf.overture[1].txt (ID = 3106)
13:06: c:\documents and settings\sophie\cookies\sophie@paypopup[2].txt (ID = 3119)
13:06: Found Spy Cookie: paypopup cookie
13:06: c:\documents and settings\sophie\cookies\sophie@partypoker[1].txt (ID = 3111)
13:06: Found Spy Cookie: partypoker cookie
13:06: c:\documents and settings\sophie\cookies\sophie@partygaming.122.2o7[1].txt (ID = 1958)
13:06: c:\documents and settings\sophie\cookies\sophie@overture[1].txt (ID = 3105)
13:06: Found Spy Cookie: overture cookie
13:06: c:\documents and settings\sophie\cookies\sophie@msnportal.112.2o7[1].txt (ID = 1958)
13:06: c:\documents and settings\sophie\cookies\sophie@mediaplex[1].txt (ID = 6442)
13:06: Found Spy Cookie: mediaplex cookie
13:06: c:\documents and settings\sophie\cookies\sophie@media.fastclick[1].txt (ID = 2652)
13:06: c:\documents and settings\sophie\cookies\sophie@maxserving[1].txt (ID = 2966)
13:06: Found Spy Cookie: maxserving cookie
13:06: c:\documents and settings\sophie\cookies\sophie@marksandspencer.122.2o7[1].txt (ID = 1958)
13:06: c:\documents and settings\sophie\cookies\sophie@m.webtrends[2].txt (ID = 3669)
13:06: Found Spy Cookie: webtrends cookie
13:06: c:\documents and settings\sophie\cookies\sophie@homestore[1].txt (ID = 2793)
13:06: Found Spy Cookie: homestore cookie
13:06: c:\documents and settings\sophie\cookies\sophie@fastclick[2].txt (ID = 2651)
13:06: Found Spy Cookie: fastclick cookie
13:06: c:\documents and settings\sophie\cookies\sophie@edge.ru4[1].txt (ID = 3269)
13:06: Found Spy Cookie: ru4 cookie
13:06: c:\documents and settings\sophie\cookies\sophie@did-it[1].txt (ID = 2523)
13:06: Found Spy Cookie: did-it cookie
13:06: c:\documents and settings\sophie\cookies\sophie@cz6.clickzs[2].txt (ID = 2413)
13:06: c:\documents and settings\sophie\cookies\sophie@cz3.clickzs[2].txt (ID = 2413)
13:06: Found Spy Cookie: clickzs cookie
13:06: c:\documents and settings\sophie\cookies\sophie@counter.hitslink[2].txt (ID = 2790)
13:06: Found Spy Cookie: hitslink cookie
13:06: c:\documents and settings\sophie\cookies\sophie@cassava[1].txt (ID = 2362)
13:06: Found Spy Cookie: cassava cookie
13:06: c:\documents and settings\sophie\cookies\sophie@casalemedia[2].txt (ID = 2354)
13:06: Found Spy Cookie: casalemedia cookie
13:06: c:\documents and settings\sophie\cookies\sophie@burstnet[2].txt (ID = 2336)
13:06: Found Spy Cookie: burstnet cookie
13:06: c:\documents and settings\sophie\cookies\sophie@a[1].txt (ID = 2027)
13:06: Found Spy Cookie: a cookie
13:06: c:\documents and settings\sophie\cookies\sophie@atdmt[2].txt (ID = 2253)
13:06: Found Spy Cookie: atlas dmt cookie
13:06: c:\documents and settings\sophie\cookies\sophie@as1.falkag[2].txt (ID = 2650)
13:06: c:\documents and settings\sophie\cookies\sophie@as-us.falkag[1].txt (ID = 2650)
13:06: c:\documents and settings\sophie\cookies\sophie@as-eu.falkag[1].txt (ID = 2650)
13:06: Found Spy Cookie: falkag cookie
13:06: c:\documents and settings\sophie\cookies\sophie@apmebf[1].txt (ID = 2229)
13:06: Found Spy Cookie: apmebf cookie
13:06: c:\documents and settings\sophie\cookies\sophie@adviva[2].txt (ID = 2177)
13:06: Found Spy Cookie: adviva cookie
13:06: c:\documents and settings\sophie\cookies\sophie@advertising[1].txt (ID = 2175)
13:06: Found Spy Cookie: advertising cookie
13:06: c:\documents and settings\sophie\cookies\sophie@adtech[2].txt (ID = 2155)
13:06: Found Spy Cookie: adtech cookie
13:06: c:\documents and settings\sophie\cookies\sophie@ads.pointroll[2].txt (ID = 3148)
13:06: Found Spy Cookie: pointroll cookie
13:06: c:\documents and settings\sophie\cookies\sophie@ads.addynamix[1].txt (ID = 2062)
13:06: Found Spy Cookie: addynamix cookie
13:06: c:\documents and settings\sophie\cookies\sophie@adrevolver[2].txt (ID = 2088)
13:06: c:\documents and settings\sophie\cookies\sophie@adrevolver[1].txt (ID = 2088)
13:06: Found Spy Cookie: adrevolver cookie
13:06: c:\documents and settings\sophie\cookies\sophie@ad.yieldmanager[1].txt (ID = 3751)
13:06: Found Spy Cookie: yieldmanager cookie
13:06: c:\documents and settings\sophie\cookies\sophie@888[2].txt (ID = 2019)
13:06: c:\documents and settings\sophie\cookies\sophie@888[1].txt (ID = 2019)
13:06: Found Spy Cookie: 888 cookie
13:06: c:\documents and settings\sophie\cookies\sophie@2o7[2].txt (ID = 1957)
13:06: c:\documents and settings\sophie\cookies\sophie@247realmedia[1].txt (ID = 1953)
13:06: Found Spy Cookie: 247realmedia cookie
13:06: c:\documents and settings\sophie\cookies\sophie@112.2o7[2].txt (ID = 1958)
13:06: Found Spy Cookie: 2o7.net cookie
13:06: Starting Cookie Sweep
13:06: Registry Sweep Complete, Elapsed Time:00:01:12
13:05: HKLM\software\classes\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (ID = 1006497)
13:05: HKCR\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (ID = 1006428)
13:05: Found Adware: spywarestrike
13:05: HKLM\software\classes\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 867115)
13:05: HKLM\software\classes\typelib\{afdbb222-dea9-4c12-b3a3-a13c2985e3ee}\ (ID = 867105)
13:05: HKLM\software\classes\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (ID = 867026)
13:05: HKLM\software\classes\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (ID = 867014)
13:05: HKLM\software\classes\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 866983)
13:05: HKLM\software\classes\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (ID = 866977)
13:05: HKLM\software\classes\appid\mpagent.dll\ (ID = 866967)
13:05: HKLM\software\classes\appid\amnotifier.exe\ (ID = 866961)
13:05: HKLM\software\classes\mpagent.agent.1\ (ID = 866947)
13:05: HKLM\software\classes\mpagent.agent\ (ID = 866941)
13:05: HKLM\software\classes\amnotifier.hubawindow.1\clsid\ (ID = 866919)
13:05: HKLM\software\classes\amnotifier.hubawindow.1\ (ID = 866917)
13:05: HKLM\software\classes\amnotifier.hubawindow\ (ID = 866911)
13:05: HKCR\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 866836)
13:05: HKCR\typelib\{afdbb222-dea9-4c12-b3a3-a13c2985e3ee}\ (ID = 866826)
13:05: HKCR\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (ID = 866747)
13:05: Found Trojan Horse: p2pnetwork
13:05: HKCR\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (ID = 866735)
13:05: HKCR\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 866704)
13:05: HKCR\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (ID = 866698)
13:05: HKCR\appid\mpagent.dll\ (ID = 866688)
13:05: HKCR\appid\amnotifier.exe\ (ID = 866682)
13:05: HKCR\mpagent.agent.1\ (ID = 866668)
13:05: HKCR\mpagent.agent\ (ID = 866662)
13:05: Found Adware: mediapipe
13:05: HKCR\amnotifier.hubawindow.1\ (ID = 866638)
13:05: HKCR\amnotifier.hubawindow\ (ID = 866632)
13:05: Found Adware: weirdontheweb
13:05: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
13:05: Found Adware: security2k hijacker
13:05: Spy Installation Shield: found: Adware: spyware quake, version 1.0.0.0 -- Execution allowed at user request
13:05: HKCR\typelib\{60f94d7d-563e-4942-b5ec-2de9c135c139}\ (ID = 103676)
13:05: HKLM\software\classes\typelib\{60f94d7d-563e-4942-b5ec-2de9c135c139}\ (ID = 103671)
13:05: HKLM\software\classes\engine.threat\ (ID = 103670)
13:05: HKLM\software\classes\engine.threat.1\ (ID = 103669)
13:05: HKLM\software\classes\engine.searchitem\ (ID = 103668)
13:05: HKLM\software\classes\engine.searchitem.1\ (ID = 103667)
13:05: HKLM\software\classes\engine.runas\ (ID = 103666)
13:05: HKLM\software\classes\engine.runas.1\ (ID = 103665)
13:05: HKLM\software\classes\engine.quarantine\ (ID = 103664)
13:05: HKLM\software\classes\engine.quarantine.1\ (ID = 103663)
13:05: HKLM\software\classes\engine.paths\ (ID = 103662)
13:05: HKLM\software\classes\engine.paths.1\ (ID = 103661)
13:05: HKLM\software\classes\engine.logrecord\ (ID = 103660)
13:05: HKLM\software\classes\engine.logrecord.1\ (ID = 103659)
13:05: HKLM\software\classes\engine.log\ (ID = 103658)
13:05: HKLM\software\classes\engine.log.1\ (ID = 103657)
13:05: HKLM\software\classes\engine.ignorelist\ (ID = 103656)
13:05: HKLM\software\classes\engine.ignorelist.1\ (ID = 103655)
13:05: HKLM\software\classes\engine.backup\ (ID = 103654)
13:05: HKLM\software\classes\engine.backup.1\ (ID = 103653)
13:05: HKLM\software\classes\clsid\{d6d64cdf-0363-4261-b723-29a3af365e1d}\ (ID = 103652)
13:05: HKLM\software\classes\clsid\{cbcaca58-1aee-4600-8cf0-e8b30bff1535}\ (ID = 103651)
13:05: HKLM\software\classes\clsid\{125494b2-acad-414c-98b9-452f3ef7703a}\ (ID = 103650)
13:05: HKLM\software\classes\clsid\{408f660a-9465-44a3-b557-8709dfd992bc}\ (ID = 103649)
13:05: HKLM\software\classes\clsid\{97f56e12-c706-4aeb-9ffb-133c05ee5d38}\ (ID = 103648)
13:05: HKLM\software\classes\clsid\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c}\ (ID = 103647)
13:05: HKLM\software\classes\clsid\{9bb7e700-4e48-476d-b75c-6f47606be988}\ (ID = 103646)
13:05: HKLM\software\classes\clsid\{8ee6bf73-b370-4d13-9126-eb0071178f2e}\ (ID = 103645)
13:05: HKLM\software\classes\clsid\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a}\ (ID = 103644)
13:05:

#4 Buckeye_Sam

Malware Expert

Posted 25 July 2006 - 05:27 PM

It looks like your most recent scan with Spysweeper comes up with only cookies.
Are these folders still present?

c:\program files\spyheal
c:\program files\antivirusgolden

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Blah...

Topic Starter

Posted 27 July 2006 - 08:50 AM

Those folders do not seem to be present as far as I can see. Many thanks for looking anyway; I am most grateful, and your services and help are most appreciated.

#6 Buckeye_Sam

Malware Expert

Posted 27 July 2006 - 07:13 PM

Anytime! :thumbsup:

As your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.