[bonniescot]

HI there

I got an instant message from a friend, and clicked on the link for IM-Names.com.........however, now when I start an instant message to friends, an auto message goes to them saying something like........I got my name from www.IM-names.com. I don't type this in, it just does it with every conversation, and it's driving me round the bend. How can I stop this happening.

I cannot find it installed on my system, so cannot use add/remove programmes like has been suggested.

Please help, thanks

bonniescot (scotland)

I'm on XP Pro

[Cheeseball81]

Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

[bonniescot]

Logfile of HijackThis v1.99.1
Scan saved at 11:19:29, on 06/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\IM Names\IM-svr.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\componentlauncher.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\MGI\MGI PhotoSuite II\PhotoSuite.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...yqHUiUA+duDaeq
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: GoogleCatch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\Program Files\2search\2search.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CGuard Protect - {A3C27493-6C2D-4CCC-87E8-7077F2356EE1} - C:\PROGRA~1\COMPUT~1\CGuard\CMon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysExt] Rundll32.exe sysext32.dll,ClearMem
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134144061750
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp2.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {F0C26064-7C20-41BC-ACBD-A38990B1B037} - C:\PROGRA~1\COMPUT~1\CGuard\CFilter.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Here's the log file requested, hope this helps Thanks

bonniescot, Scotland

[GLYNNROY]

hIJACK THIS NEEDS TO BE IN ITS OWN FOLDER


i WOULD WAIT BUT i WOULD IMAGE THESE NEED REMOVING

Manual Removal of Wild Tangent

1) Click on Start, Settings, Control Panel
2) Double-click on Add/Remove Programs
3) Click on the WildTangent selection and Change/Remove, Uninstall, or Add/Remove depending on the operating system. Then follow the onscreen prompts to remove the WT Driver.
4) Now run Hijackthis and fix or Remove the following lineS

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

[Cheeseball81]

It's in Program Files. It's fine where it is.

Uninstall the following from Add/Remove Programs (if listed there):

2search
MyWebSearch
Viewpoint Manager
WildTangent

* Click here to download the trial version of Ewido Security Suite.

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.

[Flrman1]

GLYNNROY

I see you have your own Hijack This log posted here:

http://forums.techguy.org/security/4...ml#post3499204

I don't see how you can begin to think you are qualified to analyze someone else's HJT log when you don't even know how to take care of your own. Please leave the HJT logs to those who are and qualified to deal with them

[bonniescot]

Hi there

I have the 2 files saved to my desktop, but i am unable to post them here It says they are over 30000 characters long. Any ideas?? I tried to attach files, but this did not seem to work.

bonniescot (scotland)

[bonniescot]

oops looks like my attachments are there after all.

[Cheeseball81]

Pasting your log here for easier viewing

Logfile of HijackThis v1.99.1
Scan saved at 13:01:01, on 09/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\IM Names\IM-svr.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchFilter.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...yqHUiUA+duDaeq
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CGuard Protect - {A3C27493-6C2D-4CCC-87E8-7077F2356EE1} - C:\PROGRA~1\COMPUT~1\CGuard\CMon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysExt] Rundll32.exe sysext32.dll,ClearMem
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm824YYGB
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?c3f9c8fc84c848d0b484a56e34ba6d8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?c3f9c8fc84c848d0b484a56e34ba6d8
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134144061750
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp2.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {F0C26064-7C20-41BC-ACBD-A38990B1B037} - C:\PROGRA~1\COMPUT~1\CGuard\CFilter.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Cheeseball81]

* Click here to download Webroot SpySweeper.

(It's a 2 week trial.)

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.

[bonniescot]

********
18:43: | Start of Session, 10 April 2006 |
18:43: Spy Sweeper started
18:43: Sweep initiated using definitions version 652
18:43: Starting Memory Sweep
18:48: Memory Sweep Complete, Elapsed Time: 00:05:03
18:48: Starting Registry Sweep
18:48: Found Adware: hotbar
18:48: HKCR\clsid\{0774f696-d801-4c18-81a7-a3a32b8bef19}\ (10 subtraces) (ID = 127230)
18:48: HKCR\clsid\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}\ (18 subtraces) (ID = 127232)
18:48: HKCR\clsid\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}\ (10 subtraces) (ID = 127233)
18:48: HKCR\clsid\{454b4812-e572-4703-a1bb-63490809eac0}\ (11 subtraces) (ID = 127252)
18:48: HKCR\clsid\{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}\ (11 subtraces) (ID = 127253)
18:48: HKCR\clsid\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}\ (12 subtraces) (ID = 127255)
18:48: HKCR\clsid\{d9882035-7745-47c7-8d5e-c11178f9c553}\ (11 subtraces) (ID = 127270)
18:48: HKCR\clsid\{ea232a0a-46f8-4d44-a30b-50321518a828}\ (4 subtraces) (ID = 127271)
18:48: HKCR\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\ (8 subtraces) (ID = 127325)
18:48: HKCR\interface\{34f4d917-31e4-464c-b8b3-84c1ce76b395}\ (8 subtraces) (ID = 127334)
18:48: HKCR\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\ (8 subtraces) (ID = 127339)
18:48: HKCR\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\ (8 subtraces) (ID = 127353)
18:48: HKLM\software\classes\clsid\{0774f696-d801-4c18-81a7-a3a32b8bef19}\ (10 subtraces) (ID = 127395)
18:48: HKLM\software\classes\clsid\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}\ (18 subtraces) (ID = 127397)
18:48: HKLM\software\classes\clsid\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}\ (10 subtraces) (ID = 127398)
18:48: HKLM\software\classes\clsid\{454b4812-e572-4703-a1bb-63490809eac0}\ (11 subtraces) (ID = 127415)
18:48: HKLM\software\classes\clsid\{460ac4db-b0de-4626-a0f0-175dd84dcb9b}\ (2 subtraces) (ID = 127416)
18:48: HKLM\software\classes\clsid\{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}\ (11 subtraces) (ID = 127417)
18:48: HKLM\software\classes\clsid\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}\ (12 subtraces) (ID = 127419)
18:48: HKLM\software\classes\clsid\{d9882035-7745-47c7-8d5e-c11178f9c553}\ (11 subtraces) (ID = 127434)
18:48: HKLM\software\classes\clsid\{ea232a0a-46f8-4d44-a30b-50321518a828}\ (4 subtraces) (ID = 127435)
18:48: HKLM\software\classes\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\ (8 subtraces) (ID = 127490)
18:48: HKLM\software\classes\interface\{34f4d917-31e4-464c-b8b3-84c1ce76b395}\ (8 subtraces) (ID = 127499)
18:48: HKLM\software\classes\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\ (8 subtraces) (ID = 127503)
18:48: HKLM\software\classes\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\ (8 subtraces) (ID = 127514)
18:48: HKLM\software\classes\spamblockerconfig.application\ (3 subtraces) (ID = 127536)
18:48: HKLM\software\classes\typelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\ (ID = 127537)
18:48: HKLM\software\classes\typelib\{71e9cf40-af72-4b55-bd3f-1fea2a0eaea6}\ (ID = 127542)
18:48: HKLM\software\classes\typelib\{71efe583-62fe-4419-9918-ca3b683f7b36}\ (ID = 127543)
18:48: HKLM\software\classes\typelib\{793af621-5cd0-4b92-b765-6712f6aaf48e}\ (ID = 127545)
18:48: HKLM\software\classes\typelib\{9967a873-40f3-4c7e-9239-6c8760f19f61}\ (ID = 127547)
18:48: HKLM\software\classes\typelib\{45397063-d7d0-47c2-9508-26487608a298}\ (ID = 127549)
18:48: HKLM\software\classes\typelib\{b9f51d42-cca0-4408-bb02-d433d1865a3a}\ (ID = 127552)
18:48: HKLM\software\classes\typelib\{f8ee014f-b34c-4544-8e45-95a7971d323b}\ (ID = 127558)
18:48: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}\ (1 subtraces) (ID = 127592)
18:48: HKLM\software\spam blocker\ (14 subtraces) (ID = 127633)
18:48: HKCR\spamblockerconfig.application\ (3 subtraces) (ID = 127634)
18:48: HKCR\typelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\ (ID = 127635)
18:48: HKCR\typelib\{71e9cf40-af72-4b55-bd3f-1fea2a0eaea6}\ (ID = 127640)
18:48: HKCR\typelib\{71efe583-62fe-4419-9918-ca3b683f7b36}\ (ID = 127641)
18:48: HKCR\typelib\{793af621-5cd0-4b92-b765-6712f6aaf48e}\ (ID = 127643)
18:48: HKCR\typelib\{9967a873-40f3-4c7e-9239-6c8760f19f61}\ (ID = 127645)
18:48: HKCR\typelib\{45397063-d7d0-47c2-9508-26487608a298}\ (ID = 127647)
18:48: HKCR\typelib\{b9f51d42-cca0-4408-bb02-d433d1865a3a}\ (ID = 127651)
18:48: HKCR\typelib\{f8ee014f-b34c-4544-8e45-95a7971d323b}\ (ID = 127657)
18:48: Found Adware: screensavers
18:48: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
18:48: Found Adware: starware toolbar
18:48: HKCR\clsid\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (6 subtraces) (ID = 142841)
18:48: HKCR\clsid\{7bed0340-176b-44bc-915e-c21c1dd6f617}\ (6 subtraces) (ID = 142842)
18:48: HKLM\software\classes\clsid\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (6 subtraces) (ID = 142849)
18:48: HKLM\software\classes\clsid\{7bed0340-176b-44bc-915e-c21c1dd6f617}\ (6 subtraces) (ID = 142850)
18:48: Found Adware: starware.com hijack
18:48: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 142868)
18:48: Found System Monitor: xpc spy pro
18:48: HKLM\software\classes\appmon.tshellexecutehook\ (3 subtraces) (ID = 147712)
18:48: HKLM\software\microsoft\windows\currentversion\shellpath\ (1 subtraces) (ID = 147718)
18:48: Found Adware: whenu save
18:48: HKCR\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (ID = 773950)
18:48: HKLM\software\classes\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (ID = 773992)
18:48: HKCR\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (1 subtraces) (ID = 774241)
18:48: HKLM\software\classes\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (1 subtraces) (ID = 774517)
18:48: Found Adware: winantispyware 2005
18:48: HKCR\pcheck.pcheck\ (5 subtraces) (ID = 812703)
18:48: HKCR\pcheck.pcheck.1\ (3 subtraces) (ID = 812709)
18:48: HKCR\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (14 subtraces) (ID = 812934)
18:48: HKCR\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 812960)
18:48: HKLM\software\classes\pcheck.pcheck\ (5 subtraces) (ID = 813205)
18:48: HKLM\software\classes\pcheck.pcheck.1\ (3 subtraces) (ID = 813211)
18:48: HKLM\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (14 subtraces) (ID = 813436)
18:48: HKLM\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 813462)
18:48: Found Adware: 2search
18:48: HKCR\googlecatch.clsiespy\ (3 subtraces) (ID = 832747)
18:48: HKCR\typelib\{4508e20a-acad-11d2-9fc0-00550076e06f}\ (9 subtraces) (ID = 832791)
18:48: HKLM\software\classes\googlecatch.clsiespy\ (3 subtraces) (ID = 832841)
18:48: HKLM\software\classes\typelib\{4508e20a-acad-11d2-9fc0-00550076e06f}\ (9 subtraces) (ID = 832850)
18:48: HKLM\software\microsoft\windows\currentversion\run\ || 2search (ID = 870988)
18:48: HKCR\sbcoresrv.coreservices\ (5 subtraces) (ID = 968212)
18:48: HKCR\sbcoresrv.coreservices.1\ (3 subtraces) (ID = 968218)
18:48: HKCR\sbcoresrv.lfgax\ (5 subtraces) (ID = 968222)
18:48: HKCR\sbcoresrv.lfgax.1\ (3 subtraces) (ID = 968228)
18:48: HKCR\sbhostie.bho\ (5 subtraces) (ID = 968232)
18:48: HKCR\sbhostie.bho.1\ (3 subtraces) (ID = 968238)
18:48: HKCR\sbhostol.mailanim\ (5 subtraces) (ID = 968242)
18:48: HKCR\sbhostol.mailanim.1\ (3 subtraces) (ID = 968248)
18:48: HKCR\sbhostol.webmailsend\ (5 subtraces) (ID = 968252)
18:48: HKCR\sbhostol.webmailsend.1\ (3 subtraces) (ID = 968258)
18:48: HKCR\sbinstie.sbinstobj\ (5 subtraces) (ID = 968262)
18:48: HKCR\sbinstie.sbinstobj.1\ (3 subtraces) (ID = 968268)
18:48: HKCR\sbsrv.coreservices\ (5 subtraces) (ID = 968272)
18:48: HKCR\sbsrv.coreservices.1\ (3 subtraces) (ID = 968278)
18:48: HKCR\sbtoolbar.htmlmenuui\ (5 subtraces) (ID = 968282)
18:48: HKCR\sbtoolbar.htmlmenuui.1\ (3 subtraces) (ID = 968288)
18:48: HKCR\sbtoolbar.toolbarctl\ (5 subtraces) (ID = 968292)
18:48: HKCR\sbtoolbar.toolbarctl.1\ (3 subtraces) (ID = 968298)
18:48: HKCR\sbwallpaper.wallpapermanager\ (5 subtraces) (ID = 968302)
18:48: HKCR\sbwallpaper.wallpapermanager.1\ (3 subtraces) (ID = 968308)
18:48: HKCR\spamblockerconfig.application.1\ (3 subtraces) (ID = 968312)
18:48: HKCR\spamblockerutility.commband\ (5 subtraces) (ID = 968316)
18:48: HKCR\spamblockerutility.sbmain\ (5 subtraces) (ID = 968326)
18:48: HKCR\spamblockerutility.sbmain.1\ (3 subtraces) (ID = 968332)
18:48: HKCR\spamblockerutility.travelcomparebar\ (5 subtraces) (ID = 968336)
18:48: HKCR\spamblockerutility.travelcomparebar.1\ (3 subtraces) (ID = 968342)
18:48: HKCR\clsid\{00b498e3-0543-4624-8fde-1caf89a80550}\ (4 subtraces) (ID = 968350)
18:48: HKCR\clsid\{e678cbdc-d022-41f5-ab21-c43dfd9dfc3e}\ (4 subtraces) (ID = 968451)
18:48: HKLM\software\classes\sbcoresrv.coreservices\ (5 subtraces) (ID = 968767)
18:48: HKLM\software\classes\sbcoresrv.coreservices.1\ (3 subtraces) (ID = 968773)
18:48: HKLM\software\classes\sbcoresrv.lfgax\ (5 subtraces) (ID = 968777)
18:48: HKLM\software\classes\sbcoresrv.lfgax.1\ (3 subtraces) (ID = 968783)
18:48: HKLM\software\classes\sbhostie.bho\ (5 subtraces) (ID = 968787)
18:48: HKLM\software\classes\sbhostie.bho.1\ (3 subtraces) (ID = 968793)
18:48: HKLM\software\classes\sbhostol.mailanim\ (5 subtraces) (ID = 968797)
18:48: HKLM\software\classes\sbhostol.mailanim.1\ (3 subtraces) (ID = 968803)
18:48: HKLM\software\classes\sbhostol.webmailsend\ (5 subtraces) (ID = 968807)
18:48: HKLM\software\classes\sbhostol.webmailsend.1\ (3 subtraces) (ID = 968813)
18:48: HKLM\software\classes\sbinstie.sbinstobj\ (5 subtraces) (ID = 968817)
18:48: HKLM\software\classes\sbinstie.sbinstobj.1\ (3 subtraces) (ID = 968823)
18:48: HKLM\software\classes\sbsrv.coreservices\ (5 subtraces) (ID = 968827)
18:48: HKLM\software\classes\sbsrv.coreservices.1\ (3 subtraces) (ID = 968833)
18:48: HKLM\software\classes\sbtoolbar.htmlmenuui\ (5 subtraces) (ID = 968837)
18:48: HKLM\software\classes\sbtoolbar.htmlmenuui.1\ (3 subtraces) (ID = 968843)
18:48: HKLM\software\classes\sbtoolbar.toolbarctl\ (5 subtraces) (ID = 968847)
18:48: HKLM\software\classes\sbtoolbar.toolbarctl.1\ (3 subtraces) (ID = 968853)
18:48: HKLM\software\classes\sbwallpaper.wallpapermanager\ (5 subtraces) (ID = 968857)
18:48: HKLM\software\classes\spamblockerconfig.application.1\ (3 subtraces) (ID = 968867)
18:48: HKLM\software\classes\spamblockerutility.commband\ (5 subtraces) (ID = 968871)
18:48: HKLM\software\classes\spamblockerutility.commband.1\ (3 subtraces) (ID = 968877)
18:48: HKLM\software\classes\spamblockerutility.sbmain\ (5 subtraces) (ID = 968881)
18:48: HKLM\software\classes\spamblockerutility.sbmain.1\ (3 subtraces) (ID = 968887)
18:48: HKLM\software\classes\spamblockerutility.travelcomparebar\ (5 subtraces) (ID = 968891)
18:48: HKLM\software\classes\spamblockerutility.travelcomparebar.1\ (3 subtraces) (ID = 968897)
18:48: HKLM\software\classes\clsid\{e678cbdc-d022-41f5-ab21-c43dfd9dfc3e}\ (4 subtraces) (ID = 969006)
18:48: HKLM\software\microsoft\office\outlook\addins\sbhostol.mailanim\ (4 subtraces) (ID = 975743)
18:48: HKLM\software\microsoft\windows\currentversion\uninstall\spam blocker utility shopperreports\ (5 subtraces) (ID = 975748)
18:48: HKLM\software\microsoft\windows\currentversion\uninstall\spamblockeroutlook tools\ (3 subtraces) (ID = 975754)
18:48: HKLM\software\microsoft\windows\currentversion\uninstall\spamblockerwebtool s\ (3 subtraces) (ID = 975758)
18:48: HKLM\software\spamblockerutility\ (61 subtraces) (ID = 978182)
18:48: HKLM\software\microsoft\windows\currentversion\internet settings\5.0\user agent\post platform\ || spamblockerutility 4.7.1 (ID = 993504)
18:48: HKCR\clsid\{460ac4db-b0de-4626-a0f0-175dd84dcb9b}\ (2 subtraces) (ID = 1084062)
18:48: HKCR\jokester.prank\ (5 subtraces) (ID = 1166068)
18:48: HKCR\jokester.prank.1\ (3 subtraces) (ID = 1166074)
18:48: HKCR\clsid\{85a616ee-142c-4d52-9f45-c469964e109e}\ (14 subtraces) (ID = 1166078)
18:48: HKCR\typelib\{c94d0190-978f-46c8-b48b-339362176ed8}\ (9 subtraces) (ID = 1166093)
18:48: HKLM\software\classes\jokester.prank\ (5 subtraces) (ID = 1166104)
18:48: HKLM\software\classes\jokester.prank.1\ (3 subtraces) (ID = 1166110)
18:48: HKLM\software\classes\clsid\{85a616ee-142c-4d52-9f45-c469964e109e}\ (14 subtraces) (ID = 1166114)
18:48: HKLM\software\classes\typelib\{c94d0190-978f-46c8-b48b-339362176ed8}\ (9 subtraces) (ID = 1166129)
18:48: HKU\WRSS_Profile_S-1-5-21-1390067357-630328440-682003330-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
18:48: HKU\WRSS_Profile_S-1-5-21-1390067357-630328440-682003330-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
18:48: HKU\WRSS_Profile_S-1-5-21-1390067357-630328440-682003330-1005\software\starware\ (14 subtraces) (ID = 142866)
18:48: HKU\WRSS_Profile_S-1-5-21-1390067357-630328440-682003330-1005\software\microsoft\windows\currentversion\uninstall\2search\ (ID = 770614)
18:48: HKU\WRSS_Profile_S-1-5-21-1390067357-630328440-682003330-1005\software\microsoft\windows\currentversion\explorer\browser helper objects\{4508e20c-acad-11d2-9fc0-00550076e06f}\ (ID = 770615)
18:48: HKU\S-1-5-21-1390067357-630328440-682003330-1003\software\microsoft\internet explorer\explorer bars\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}\ (2 subtraces) (ID = 127571)
18:48: HKU\S-1-5-21-1390067357-630328440-682003330-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575)
18:48: HKU\S-1-5-21-1390067357-630328440-682003330-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576)
18:48: HKU\S-1-5-21-1390067357-630328440-682003330-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 127586)
18:48: HKU\S-1-5-21-1390067357-630328440-682003330-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
18:48: HKU\S-1-5-21-1390067357-630328440-682003330-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
18:48: HKU\S-1-5-21-1390067357-630328440-682003330-1003\software\spamblockerutility\ (170 subtraces) (ID = 968537)
18:48: Registry Sweep Complete, Elapsed Time:00:00:16
18:48: Starting Cookie Sweep
18:48: Found Spy Cookie: adlegend cookie
18:48: anyone@adlegend[1].txt (ID = 2074)
18:48: Found Spy Cookie: touchclarity cookie
18:48: anyone@barclays.touchclarity[1].txt (ID = 3566)
18:48: anyone@hsbc.touchclarity[1].txt (ID = 3566)
18:48: anyone@msn.touchclarity[1].txt (ID = 3566)
18:48: Found Spy Cookie: mywebsearch cookie
18:48: anyone@mywebsearch[2].txt (ID = 3051)
18:48: Found Spy Cookie: dealtime cookie
18:48: anyone@stat.dealtime[1].txt (ID = 2506)
18:48: Found Spy Cookie: about cookie
18:48: default@about[2].txt (ID = 2037)
18:48: default@adlegend[1].txt (ID = 2074)
18:48: Found Spy Cookie: hbmediapro cookie
18:48: default@adopt.hbmediapro[2].txt (ID = 2768)
18:48: Found Spy Cookie: adrevolver cookie
18:48: default@adrevolver[2].txt (ID = 2088)
18:48: Found Spy Cookie: pointroll cookie
18:48: default@ads.pointroll[2].txt (ID = 3148)
18:48: Found Spy Cookie: adreactor cookie
18:48: default@adserver.adreactor[1].txt (ID = 2087)
18:48: Found Spy Cookie: adultfriendfinder cookie
18:48: default@adultfriendfinder[1].txt (ID = 2165)
18:48: Found Spy Cookie: advertising cookie
18:48: default@advertising[1].txt (ID = 2175)
18:48: Found Spy Cookie: alt cookie
18:48: default@alt[2].txt (ID = 2217)
18:48: Found Spy Cookie: associated new media cookie
18:48: default@anm.co[2].txt (ID = 2223)
18:48: Found Spy Cookie: apmebf cookie
18:48: default@apmebf[2].txt (ID = 2229)
18:48: Found Spy Cookie: askmen cookie
18:48: default@askmen[2].txt (ID = 2247)
18:48: Found Spy Cookie: atlas dmt cookie
18:48: default@atdmt[2].txt (ID = 2253)
18:48: Found Spy Cookie: belnk cookie
18:48: default@ath.belnk[2].txt (ID = 2293)
18:48: Found Spy Cookie: atwola cookie
18:48: default@atwola[1].txt (ID = 2255)
18:48: Found Spy Cookie: azjmp cookie
18:48: default@azjmp[2].txt (ID = 2270)
18:48: Found Spy Cookie: a cookie
18:48: default@a[1].txt (ID = 2027)
18:48: default@belnk[1].txt (ID = 2292)
18:48: default@busycooks.about[1].txt (ID = 2038)
18:48: Found Spy Cookie: barelylegal cookie
18:48: default@c.fsx[2].txt (ID = 2286)
18:48: Found Spy Cookie: ccbill cookie
18:48: default@ccbill[1].txt (ID = 2369)
18:48: Found Spy Cookie: cgi-win cookie
18:48: default@cgi-win[1].txt (ID = 2376)
18:48: default@compsimgames.about[1].txt (ID = 2038)
18:48: Found Spy Cookie: go.com cookie
18:48: default@corporate.disney.go[1].txt (ID = 2729)
18:48: Found Spy Cookie: hotbar cookie
18:48: default@cs.hotbar[1].txt (ID = 2798)
18:48: Found Spy Cookie: 360i cookie
18:48: default@ct.360i[2].txt (ID = 1962)
18:48: Found Spy Cookie: did-it cookie
18:48: default@did-it[2].txt (ID = 2523)
18:48: default@dist.belnk[1].txt (ID = 2293)
18:48: default@easyjet.touchclarity[1].txt (ID = 3566)
18:48: default@familyinternet.about[1].txt (ID = 2038)
18:48: default@go[1].txt (ID = 2728)
18:48: Found Spy Cookie: hotmatch cookie
18:48: default@hotmatch[1].txt (ID = 3854)
18:48: default@interiordec.about[2].txt (ID = 2038)
18:48: Found Spy Cookie: maxserving cookie
18:48: default@maxserving[1].txt (ID = 2966)
18:48: Found Spy Cookie: mediaplex cookie
18:48: default@mediaplex[2].txt (ID = 6442)
18:48: default@msn.touchclarity[1].txt (ID = 3566)
18:48: default@mywebsearch[1].txt (ID = 3051)
18:48: Found Spy Cookie: pricegrabber cookie
18:48: default@ostg.pricegrabber[1].txt (ID = 3186)
18:48: Found Spy Cookie: falkag cookie
18:48: default@sel.as-us.falkag[1].txt (ID = 2650)
18:48: Found Spy Cookie: servlet cookie
18:48: default@servlet[2].txt (ID = 3345)
18:48: default@southernfood.about[1].txt (ID = 2038)
18:48: Found Spy Cookie: sexsearch cookie
18:48: default@ss.splash.sexsearch[1].txt (ID = 3358)
18:48: Found Spy Cookie: stamps.com cookie
18:48: default@stamps[1].txt (ID = 3437)
18:48: Found Spy Cookie: statcounter cookie
18:48: default@statcounter[2].txt (ID = 3447)
18:48: default@tooltips.hotbar[1].txt (ID = 2798)
18:48: Found Spy Cookie: tribalfusion cookie
18:48: default@tribalfusion[2].txt (ID = 3589)
18:48: Found Spy Cookie: webpower cookie
18:48: default@webpower[2].txt (ID = 3660)
18:48: Found Spy Cookie: 123count cookie
18:48: default@www.123count[2].txt (ID = 1928)
18:48: Found Spy Cookie: starpulse cookie
18:48: default@www.starpulse[1].txt (ID = 3440)
18:48: Found Spy Cookie: xiti cookie
18:48: default@xiti[1].txt (ID = 3717)
18:48: Found Spy Cookie: xren_cj cookie
18:48: default@xren_cj[2].txt (ID = 3723)
18:48: Cookie Sweep Complete, Elapsed Time: 00:00:07
18:48: Starting File Sweep
18:48: c:\documents and settings\default\application data\spamblockerutility (295 subtraces) (ID = -2147465763)
18:48: c:\program files\spamblockerutility_icons (2 subtraces) (ID = -2147465204)
18:48: c:\program files\winfixer2005 (ID = -2147471814)
18:48: c:\program files\spamblockerutility\bin (20 subtraces) (ID = -2147461053)
18:48: c:\program files\spamblockerutility\bin\4.7.1.0 (18 subtraces) (ID = -2147461052)
18:48: c:\program files\spamblockerutility (22 subtraces) (ID = -2147465762)
18:49: d_icons_buttons_1000.res (ID = 121822)
18:49: d_icons_buttons_1000.xip (ID = 114339)
18:51: a0042375.dll (ID = 246207)
18:51: d_icons_buttons_3000.res (ID = 121824)
18:51: d_icons_buttons_3000.res (ID = 121824)
18:52: a0042551.exe (ID = 216233)
18:53: d_icons_buttons_2000.xip (ID = 114390)
18:53: Found Adware: bullguard popup ad
18:53: bulldownload.exe (ID = 52017)
18:53: a0042548.exe (ID = 246247)
18:53: a0042553.dll (ID = 62273)
18:53: sbtrayappps.dll (ID = 188207)
18:54: sbuires.dll (ID = 188208)
18:54: sbuiskin.dll (ID = 188209)
18:56: a0042361.exe (ID = 244786)
18:57: d_icons_buttons_1000.res (ID = 121822)
18:58: a0042560.dll (ID = 188210)
18:58: d_icons_weather.res (ID = 121840)
18:58: acm.dll (ID = 182873)
18:59: d_icons_buttons_2000.res (ID = 121823)
19:00: d_icons_buttons_2000.res (ID = 121823)
19:00: a0041253.exe (ID = 188194)
19:01: a0042554.dll (ID = 188191)
19:02: dbenderc.dll (ID = 62276)
19:02: tsd_bg.res (ID = 62382)
19:02: progress.res (ID = 62367)
19:02: d_icons_buttons_bbar1.res (ID = 121825)
19:03: sbclientsinkps.dll (ID = 188192)
19:04: a0042377.exe (ID = 244787)
19:04: d_icons_buttons_3000.xip (ID = 114353)
19:04: d_icons_weather.xip (ID = 121860)
19:04: d_icons_weather.res (ID = 121840)
19:04: tsd_bg.xip (ID = 62383)
19:04: tsd_bg.res (ID = 62382)
19:04: jokes[1].exe (ID = 277546)
19:05: a0042362.exe (ID = 244788)
19:05: a0042378.exe (ID = 244788)
19:05: a0042562.dll (ID = 277521)
19:05: sbuninst.exe (ID = 188214)
19:05: progress.res (ID = 62367)
19:05: a0040276.exe (ID = 244787)
19:05: a0041663.exe (ID = 190484)
19:05: a0040275.exe (ID = 244786)
19:06: a0042380.exe (ID = 188200)
19:06: a0042200.dll (ID = 188196)
19:06: a0042360.exe (ID = 244787)
19:06: a0042215.dll (ID = 246207)
19:06: a0042552.exe (ID = 188189)
19:06: a0042558.dll (ID = 188199)
19:06: a0042544.dll (ID = 277522)
19:06: a0042214.dll (ID = 216232)
19:06: sbolexp.dll (ID = 188201)
19:06: a0042557.dll (ID = 188195)
19:06: a0042559.dll (ID = 188206)
19:07: a0042556.exe (ID = 188194)
19:07: sbinst.exe (ID = 188198)
19:07: sbshprrprt.exe (ID = 188203)
19:07: sbsrv.exe (ID = 188204)
19:07: a0042561.exe (ID = 188211)
19:07: spamblocker.exe (ID = 188212)
19:08: a0040277.exe (ID = 244788)
19:10: a0042555.dll (ID = 188193)
19:10: winfixer2006freeinstall[1].cab (ID = 269737)
19:11: d_icons_buttons_bbar1.xip (ID = 114354)
19:11: d_icons_buttons_bbar1.res (ID = 121825)
19:11: sbolext.dll (ID = 188202)
19:11: a0042376.exe (ID = 244786)
19:11: sbhostol.dll (ID = 188197)
19:13: sbsrvps.dll (ID = 188205)
19:14: dfd.sys (ID = 162513)
19:15: Found Adware: instafinder
19:15: a0036686.dll (ID = 165717)
19:16: a0039780.dll (ID = 246207)
19:17: linkpathlegal.txt (ID = 121849)
19:17: d_icons_buttons_logos.res (ID = 62283)
19:18: d_icons_buttons_other.res (ID = 62283)
19:18: d_icons_buttons_bar.res (ID = 62283)
19:18: default_mails.mnu (ID = 121821)
19:18: email-def-511724-9595.mnu (ID = 121842)
19:18: ads.cdf (ID = 121815)
19:18: hotbar-premium.cdf (ID = 121845)
19:18: hotbar-premium-hotbar-premium.mnu (ID = 121844)
19:18: upgradeinfo[1].ver (ID = 162972)
19:18: linkpathlegal.xip (ID = 121866)
19:18: linkpathlegal.txt (ID = 121849)
19:18: d_icons_buttons_logos.xip (ID = 62294)
19:18: d_icons_buttons_logos.res (ID = 62283)
19:18: d_icons_buttons_other.xip (ID = 62294)
19:18: d_icons_buttons_other.res (ID = 62283)
19:18: progress.xip (ID = 62368)
19:18: d_icons_buttons_bar.xip (ID = 62294)
19:18: d_icons_buttons_bar.res (ID = 62283)
19:18: business_promo.xip (ID = 121856)
19:18: hotbar_promo.xip (ID = 240974)
19:18: default_mails.mnu (ID = 121821)
19:18: email-def-511724-9595.mnu (ID = 121842)
19:18: ads.xip (ID = 121855)
19:18: ads.cdf (ID = 121815)
19:18: hotbar-premium.xip (ID = 114359)
19:18: hotbar-premium.cdf (ID = 121845)
19:19: hotbar-premium-hotbar-premium.mnu (ID = 121844)
19:22: File Sweep Complete, Elapsed Time: 00:33:21
19:22: Full Sweep has completed. Elapsed time 00:38:55
19:22: Traces Found: 1608
19:23: Removal process initiated
19:23: Quarantining All Traces: xpc spy pro
19:23: Quarantining All Traces: hotbar
19:24: Quarantining All Traces: starware toolbar
19:24: Quarantining All Traces: 2search
19:24: Quarantining All Traces: bullguard popup ad
19:24: Quarantining All Traces: instafinder
19:24: Quarantining All Traces: screensavers
19:24: Quarantining All Traces: starware.com hijack
19:24: Quarantining All Traces: 123count cookie
19:24: Quarantining All Traces: 360i cookie
19:24: Quarantining All Traces: a cookie
19:24: Quarantining All Traces: about cookie
19:24: Quarantining All Traces: adlegend cookie
19:24: Quarantining All Traces: adreactor cookie
19:24: Quarantining All Traces: adrevolver cookie
19:24: Quarantining All Traces: adultfriendfinder cookie
19:24: Quarantining All Traces: advertising cookie
19:24: Quarantining All Traces: alt cookie
19:24: Quarantining All Traces: apmebf cookie
19:24: Quarantining All Traces: askmen cookie
19:24: Quarantining All Traces: associated new media cookie
19:24: Quarantining All Traces: atlas dmt cookie
19:24: Quarantining All Traces: atwola cookie
19:24: Quarantining All Traces: azjmp cookie
19:24: Quarantining All Traces: barelylegal cookie
19:24: Quarantining All Traces: belnk cookie
19:24: Quarantining All Traces: ccbill cookie
19:24: Quarantining All Traces: cgi-win cookie
19:24: Quarantining All Traces: dealtime cookie
19:24: Quarantining All Traces: did-it cookie
19:24: Quarantining All Traces: falkag cookie
19:24: Quarantining All Traces: go.com cookie
19:24: Quarantining All Traces: hbmediapro cookie
19:24: Quarantining All Traces: hotbar cookie
19:24: Quarantining All Traces: hotmatch cookie
19:24: Quarantining All Traces: maxserving cookie
19:24: Quarantining All Traces: mediaplex cookie
19:24: Quarantining All Traces: mywebsearch cookie
19:24: Quarantining All Traces: pointroll cookie
19:24: Quarantining All Traces: pricegrabber cookie
19:24: Quarantining All Traces: servlet cookie
19:24: Quarantining All Traces: sexsearch cookie
19:24: Quarantining All Traces: stamps.com cookie
19:24: Quarantining All Traces: starpulse cookie
19:24: Quarantining All Traces: statcounter cookie
19:24: Quarantining All Traces: touchclarity cookie
19:24: Quarantining All Traces: tribalfusion cookie
19:24: Quarantining All Traces: webpower cookie
19:24: Quarantining All Traces: whenu save
19:24: Quarantining All Traces: winantispyware 2005
19:24: Quarantining All Traces: xiti cookie
19:24: Quarantining All Traces: xren_cj cookie
19:25: Removal process completed. Elapsed time 00:01:44
********
18:39: | Start of Session, 10 April 2006 |
18:39: Spy Sweeper started
18:40: Your spyware definitions have been updated.

18:43: | End of Session, 10 April 2006




Spysweeper log from bonniescot |

[bonniescot]

Logfile of HijackThis v1.99.1
Scan saved at 19:31:52, on 10/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\IM Names\IM-svr.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CGuard Protect - {A3C27493-6C2D-4CCC-87E8-7077F2356EE1} - C:\PROGRA~1\COMPUT~1\CGuard\CMon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysExt] Rundll32.exe sysext32.dll,ClearMem
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm824YYGB
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?c3f9c8fc84c848d0b484a56e34ba6d8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?c3f9c8fc84c848d0b484a56e34ba6d8
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134144061750
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp2.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {F0C26064-7C20-41BC-ACBD-A38990B1B037} - C:\PROGRA~1\COMPUT~1\CGuard\CFilter.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



New Hijack This log from bonniescot

Looks like I had a nasty Hijacker on board, going by the spysweeper log. Thanks for all your help so far. Just tell me what I should be doing next. Thanks

bonniescot, Scotland.

[Cheeseball81]

No problem

Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.

[bonniescot]

Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/mywebsearch Not disinfected C:\PROGRAM FILES\MyWebSearch
Potentially unwanted tool:application/need2find Not disinfected HKEY_CURRENT_USER\SOFTWARE\NEED2FIND
Potentially unwanted tool:application/altnet Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ALTNETDM
Adware:adware/savenow Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Default\Cookies\default@atdmt[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Default\Cookies\default@cgi-bin[4].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Default\Cookies\default@cgi-bin[6].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Default\Cookies\default@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Default\Cookies\default@hitbox[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Default\Cookies\default@searchportal.information[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Default\Cookies\default@statcounter[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Default\Cookies\default@winfixer[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Default\Cookies\default@xmts[1].txt
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\Anyone\Local Settings\Temporary Internet Files\Content.IE5\LT1FKS1J\channels_02[1].gif
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Default\Cookies\default@atdmt[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Default\Cookies\default@cgi-bin[4].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Default\Cookies\default@cgi-bin[6].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Default\Cookies\default@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Default\Cookies\default@hitbox[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Default\Cookies\default@searchportal.information[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Default\Cookies\default@statcounter[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Default\Cookies\default@winfixer[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Default\Cookies\default@xmts[1].txt
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\Default\Local Settings\Temp\p2psetup.exe
Adware:Adware/2Search Not disinfected C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\GLMBW92J\IM-Names[1].exe[main.exe]
Adware:Adware/2Search Not disinfected C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\GLMBW92J\IM-Names[1].exe[1.exe]
Adware:Adware/2Search Not disinfected C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\GLMBW92J\IM-Names[1].exe[main.exe]
Adware:Adware/2Search Not disinfected C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\GLMBW92J\IM-Names[1].exe[uninstall.exe]
Adware:Adware/2Search Not disinfected C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\GLMBW92J\IM-Names[1].exe[get.exe]
Adware:Adware/2Search Not disinfected C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\GLMBW92J\IM-Names[1].exe[2search.dll]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\GLMBW92J\zango[1].htm
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\MXB8HKZI\SmileyCentralFWBInitialSetup1.0.0.15[1].cab
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\MXB8HKZI\SmileyCentralFWBInitialSetup1.0.0.15[1].cab[f3initialsetup1.0.0.15.inf]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\MXB8HKZI\SmileyCentralFWBInitialSetup1.0.0.15[1].cab[f3Setup1.exe]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\FunWebProducts\Installr\3.bin\F3EZSETP.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
Adware:Adware/SaveNow Not disinfected C:\Program Files\MyEmoticons\uninstall.exe
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq145.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq155.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15E.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq164.tmp
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp\PrCheck.dll
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA3.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\Downloaded Program Files\pinstall.dll


Thanks again Here's the Panda scan results. Will keep a check on what to do next

Meg, Scotland

[Cheeseball81]

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

R3 - URLSearchHook: (no name) - - (no file)

O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm824YYGB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab

Exit Hijack This.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

• Save it to your desktop.
• Please double-click Killbox.exe to run it.
• Select:
  • Delete on Reboot
  • then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  
  C:\Program Files\SpamBlockerUtility
  C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
  C:\PROGRAM FILES\MyWebSearch
  C:\Program Files\FunWebProducts
  C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
  C:\Program Files\MyEmoticons\uninstall.exe
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq145.tmp
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq155.tmp
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15E.tmp
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq164.tmp
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp\PrCheck.dll
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA3.tmp
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp
  C:\WINDOWS\Downloaded Program Files\pinstall.dll
  
  
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Post a new Hijack This log.
There are still a few suspicious entries I wanna look into.