
Popcorn - - pop up from the devil!

Discussion in 'All Other Software' started by SpanishDancer, Jul 17, 2006.

Thread Status:
Not open for further replies.
  1. SpanishDancer

    SpanishDancer Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    29
    Hi: How do I get rid of this? Looking at the other posts I see you recommend downloading the HiJack freeware, sharing the log files with you and going from there, correct? :mad:

    I had read in another post that this is an LOP infection (whatever that is) and to delete Messenger Plus from my system by using the Add/Remove program features. I do not appear to have Messenger on my system.

    Thank you....
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    No, it is not a lop. Yes, post a hijack log, but first:

    Go to Control Panel – Add/Remove Programs and remove any of these that you find there:

    MovieLand
    MediaPipe
    AccessMedia or My Access Media
    ItBill
    MsMovies
    P2Pnetworks
    Moviepass licence manager
    Notification Utility or Notify or Notifier

    Boot and then post a log
     
  3. SpanishDancer

    SpanishDancer Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    29
    Hi: I didn't find any of the programs you mentioned. I did download the software, rebooted and posted the log file below.

    Logfile of HijackThis v1.99.1


    Scan saved at 4:25:02 PM, on 7/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\Norton Password Manager\AcctMgr.exe
    C:\Program Files\Common Files\AOL\1127523287\ee\AOLSoftware.exe
    C:\Program Files\IBackup for Windows\IBMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\License_Manager\license_manager.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Handspring\HOTSYNC.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\IBackup for Windows\IBackground.exe
    c:\program files\common files\aol\1127523287\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
    c:\program files\common files\aol\1127523287\ee\aolsoftware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\HPZinw12.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
    O1 - Hosts: 172.17.2.2 nolan
    O1 - Hosts: 172.17.2.5 sqlserver2k
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127523287\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IBWin Background process] "C:\Program Files\IBackup for Windows\IBackground.exe"
    O4 - HKLM\..\Run: [IBWin Monitor] "C:\Program Files\IBackup for Windows\IBMonitor.exe" Min
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O15 - Trusted Zone: http://www.kodakgallery.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136531356871
    O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://esupport.cf1live.com/esupport/static/weblaunch/weblaunch2.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://exacttarget.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc03.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits
        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  5. SpanishDancer

    SpanishDancer Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    29
    Hi MSDnSC:

    Here is the SpySweep log file. FYI, when I was getting ready to make this reply to you the popcorn pop up appeared once again.


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
    O1 - Hosts: 172.17.2.2 nolan
    O1 - Hosts: 172.17.2.5 sqlserver2k
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
    O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Norton Password Manager\AcctMgr.exe" /startup
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1127523287\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [IBWin Background process] "C:\Program Files\IBackup for Windows\IBackground.exe"
    O4 - HKLM\..\Run: [IBWin Monitor] "C:\Program Files\IBackup for Windows\IBMonitor.exe" Min
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\ibmmessages.exe"
    O4 - HKCU\..\Run: [OfotoNow USB Detection] "C:\WINDOWS\system32\RunDLL32.exe" C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O15 - Trusted Zone: http://www.kodakgallery.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136531356871
    O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://esupport.cf1live.com/esupport/static/weblaunch/weblaunch2.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://exacttarget.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc03.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
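
An added example, not part of the thread: when a second HijackThis log is requested after a cleanup step, comparing it with the first shows which autostart entries actually changed. The sketch below parses the `R0`/`O4`/`O23`-style lines and ignores quoting differences between the two logs; the sample lines are excerpted from the two logs posted above, and the function names are illustrative.

```python
import re

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] command".
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")

# Excerpt from the first log in the thread (before the SpySweeper install).
BEFORE = r'''
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
'''

# Excerpt from the second log in the thread (after the SpySweeper install).
AFTER = r'''
O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
'''


def normalize(detail):
    """Drop quotes, collapse whitespace and fold case so cosmetic changes
    (the second log quotes paths the first one left bare) do not register."""
    return " ".join(detail.replace('"', "").split()).lower()


def parse_hjt(text):
    """Map (section code, normalized detail) -> original entry line.
    Non-entry lines such as the header and process list are skipped."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            code, detail = m.group(1), m.group(2).strip()
            entries[(code, normalize(detail))] = f"{code} - {detail}"
    return entries


def diff_logs(before, after):
    """Return (added, removed) entry lines between two HijackThis logs."""
    b, a = parse_hjt(before), parse_hjt(after)
    added = [a[k] for k in a if k not in b]
    removed = [b[k] for k in b if k not in a]
    return added, removed


def naive_added(before, after):
    """Plain line comparison, for contrast: quoting changes show up as noise."""
    seen = {line.strip() for line in before.splitlines()}
    return [l.strip() for l in after.splitlines()
            if l.strip() and l.strip() not in seen]


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    print("Added entries:")
    for line in added:
        print("  " + line)
    print("Removed entries:", removed or "none")
    print("Naive line diff would report", len(naive_added(BEFORE, AFTER)), "new lines")
```

On this excerpt the only new entries are the ones the scanner itself installed; nothing was removed from the autostart locations.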
     
  6. SpanishDancer

    SpanishDancer Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    29
    1:43 AM: Removal process completed. Elapsed time 00:00:31
    1:43 AM: Quarantining All Traces: adserver cookie
    1:43 AM: Quarantining All Traces: yadro cookie
    1:43 AM: Quarantining All Traces: xxxcounter cookie
    1:43 AM: Quarantining All Traces: xiti cookie
    1:43 AM: Quarantining All Traces: burstbeacon cookie
    1:43 AM: Quarantining All Traces: aa cookie
    1:43 AM: Quarantining All Traces: weborama cookie
    1:43 AM: Quarantining All Traces: mediapipe
    1:43 AM: Quarantining All Traces: weirdontheweb
    1:43 AM: Quarantining All Traces: p2pnetwork
    1:43 AM: Removal process initiated
    10:20 PM: Traces Found: 147
    10:20 PM: Full Sweep has completed. Elapsed time 00:38:26
    10:20 PM: File Sweep Complete, Elapsed Time: 00:33:34
    10:11 PM: Warning: Failed to open file "c:\documents and settings\tony natale\local settings\temp\~df3333.tmp". The operation completed successfully
    10:10 PM: Warning: Failed to open file "c:\program files\norton internet security\norton antivirus\savrt\0762nav~.tmp". The operation completed successfully
    9:47 PM: Starting File Sweep
    9:47 PM: Cookie Sweep Complete, Elapsed Time: 00:00:16
    9:46 PM: Starting Cookie Sweep
    9:46 PM: Registry Sweep Complete, Elapsed Time:00:00:16
    9:46 PM: HKLM\software\classes\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 867115)
    9:46 PM: HKLM\software\classes\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (ID = 867026)
    9:46 PM: HKLM\software\classes\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (ID = 867014)
    9:46 PM: HKLM\software\classes\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 866983)
    9:46 PM: HKLM\software\classes\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (ID = 866977)
    9:46 PM: HKLM\software\classes\appid\mpagent.dll\ (ID = 866967)
    9:46 PM: HKLM\software\classes\appid\amnotifier.exe\ (ID = 866961)
    9:46 PM: HKLM\software\classes\mpagent.agent.1\ (ID = 866947)
    9:46 PM: HKLM\software\classes\mpagent.agent\ (ID = 866941)
    9:46 PM: HKLM\software\classes\amnotifier.hubawindow.1\clsid\ (ID = 866919)
    9:46 PM: HKLM\software\classes\amnotifier.hubawindow.1\ (ID = 866917)
    9:46 PM: HKLM\software\classes\amnotifier.hubawindow\ (ID = 866911)
    9:46 PM: HKCR\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 866836)
    9:46 PM: HKCR\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (ID = 866747)
    9:46 PM: Found Trojan Horse: p2pnetwork
    9:46 PM: HKCR\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (ID = 866735)
    9:46 PM: HKCR\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 866704)
    9:46 PM: HKCR\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (ID = 866698)
    9:46 PM: HKCR\appid\mpagent.dll\ (ID = 866688)
    9:46 PM: HKCR\appid\amnotifier.exe\ (ID = 866682)
    9:46 PM: HKCR\mpagent.agent.1\ (ID = 866668)
    9:46 PM: HKCR\mpagent.agent\ (ID = 866662)
    9:46 PM: Found Adware: mediapipe
    9:46 PM: HKCR\amnotifier.hubawindow.1\ (ID = 866638)
    9:46 PM: HKCR\amnotifier.hubawindow\ (ID = 866632)
    9:46 PM: Found Adware: weirdontheweb
    9:46 PM: Starting Registry Sweep
    9:46 PM: Memory Sweep Complete, Elapsed Time: 00:04:11
    9:42 PM: Starting Memory Sweep
    9:42 PM: Sweep initiated using definitions version 720
    9:42 PM: Spy Sweeper 5.0.5.1286 started
    9:42 PM: | Start of Session, Monday, July 17, 2006 |
    ********
    9:42 PM: | End of Session, Monday, July 17, 2006 |
    9:38 PM: Your definitions are up to date.
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOPCRAWL.EXE
    9:38 PM: Tamper Detection
    9:38 PM: Your spyware definitions have been updated.
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    9:38 PM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    9:35 PM: Shield States
    9:35 PM: Spyware Definitions: 691
    9:35 PM: Spy Sweeper 5.0.5.1286 started
    9:35 PM: Spy Sweeper 5.0.5.1286 started
    9:35 PM: | Start of Session, Monday, July 17, 2006
     
  7. SpanishDancer

    SpanishDancer Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    29
    Logfile of HijackThis v1.99.1
    Scan saved at 2:10:33 AM, on 7/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\Norton Password Manager\AcctMgr.exe
    C:\Program Files\Common Files\AOL\1127523287\ee\AOLSoftware.exe
    C:\Program Files\IBackup for Windows\IBMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\License_Manager\license_manager.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\program files\common files\aol\1127523287\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Handspring\HOTSYNC.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    c:\program files\common files\aol\1127523287\ee\aolsoftware.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\IBackup for Windows\IBackground.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
    O1 - Hosts: 172.17.2.2 nolan
    O1 - Hosts: 172.17.2.5 sqlserver2k
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
    O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Norton Password Manager\AcctMgr.exe" /startup
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1127523287\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [IBWin Background process] "C:\Program Files\IBackup for Windows\IBackground.exe"
    O4 - HKLM\..\Run: [IBWin Monitor] "C:\Program Files\IBackup for Windows\IBMonitor.exe" Min
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\ibmmessages.exe"
    O4 - HKCU\..\Run: [OfotoNow USB Detection] "C:\WINDOWS\system32\RunDLL32.exe" C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O15 - Trusted Zone: http://www.kodakgallery.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136531356871
    O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://esupport.cf1live.com/esupport/static/weblaunch/weblaunch2.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://exacttarget.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc03.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  8. SpanishDancer

    SpanishDancer Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    29
    Seeing all the unwanted "stuff" was surprising to me. I thought the various security programs I was running stopped these things!

    I used to receive automatic notices of Adware/Spyware sweeps (I think it was an AOL action) but for some reason no longer do. It would capture/delete the various adware items on my machine. Any thoughts?
     
  9. hynesy

    hynesy

    Joined:
    Apr 16, 2006
    Messages:
    76
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent

    Download http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\License_Manager
    C:\Program Files\MediaPipe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
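
An added example, not part of the post above and not HijackThis's own code: a small Python triage pass over HijackThis-style O-entries, run on lines copied from this thread's log and fix list. The flag rules are generic review heuristics assumed for illustration, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log and fix list posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

ENTRY_RE = re.compile(r"^\s*(O\d{1,2})\s+-\s+(.*\S)\s*$")
URL_RE = re.compile(r"https?://\S+")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def triage(log_text):
    """Return (section, flags, body) per O-entry; flags are assumed review heuristics."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        flags = []
        if body.endswith("(file missing)"):
            flags.append("orphaned: target file missing")
        if section == "O23" and " - Unknown owner - " in body:
            flags.append("service reported with 'Unknown owner'")
        if section == "O16":
            for url in URL_RE.findall(body):
                parts = urlsplit(url)
                if parts.scheme == "http":
                    flags.append("ActiveX codebase over cleartext HTTP")
                if IPV4_RE.match(parts.hostname or ""):
                    flags.append("ActiveX codebase host is a raw IP address")
        results.append((section, flags, body))
    return results


def flagged(log_text):
    """Only the entries that deserve a manual look."""
    return [r for r in triage(log_text) if r[1]]

if __name__ == "__main__":
    for section, flags, body in flagged(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> " + "; ".join(flags))
```

The License Manager autostart entry raises no generic flag here, so a pass like this only narrows the list for review and does not replace checking entries by name.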
     
  11. SpanishDancer

    SpanishDancer Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    29
    Hello in SC:

    The post-clean up Hijack This log follows. You asked for some feedback so here is what I've seen so far. Mind you, I have not used any programs other than IE since this last step.

    1. Had trouble closing programs. Most went through the tedious MS process of "Having trouble closing...."
    2. Had trouble finding Killbox in Safe mode. Booted, re-loaded and put file in different place
    3. Over the last 18 hours, programs have been slower to load and to close, file opening took longer and at times was unable to click on menu commands. Had to Ctrl/Alt/Del, End Task and go from there.
    4. In particular, my ACT! program actions, such as writing a form letter, were excruciatingly long with the hard drive practically sweating to do a simple task.

    So, I'll see if your guidance has helped me exorcise the popup demon and kept my laptop running OK!

    Is there any way to pursue the jerks that put out these damaging programs??? :confused:
     
  12. SpanishDancer

    SpanishDancer Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    29
    Other than very slow program loads, the laptop is fine with the offending popup removed!

    Is there a way to speed up the downloads and program opening?

    Thanks, in SC, for your help.
     
  13. hynesy

    hynesy

    Joined:
    Apr 16, 2006
    Messages:
    76
    To speed up downloading you can download download managers, for example DAP (Download Accelerator Plus) or Free Download Manager. As for programs, a good idea is to find a trusted registry repairer for Windows and let it repair your registry, use Disk Cleanup in Start menu, Accessories, System Tools and also Disk Defragmenter, also in the same location as Disk Cleanup
    cheers
     
  14. SpanishDancer

    SpanishDancer Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    29
    Is a registry repairer a person/service or is it software?

    Thanks for the additional suggestions, too.
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
Short URL to this thread: https://techguy.org/484080
