1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Sending out unwanted Email messages using Outlook

Discussion in 'Web & Email' started by lac, Jan 24, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. lac

    lac Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    17
    Over the last two weeks, I have noticed that when I do a send/receive from Outlook, it says I am sending one more message than I have created, and when I check the sent box it is not there. Usually a short time later I will receive a message from the domain saying that the addressee of the spurious message does not exist. The addressee is different everytime. I have included the latest of these messages below:

    Hi. This is the qmail-send program at email.mepotelco.net.
    I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.

    <[email protected]>:
    216.248.102.2 does not like recipient.
    Remote host said: 550 unknown user <[email protected]> Giving up on 216.248.102.2.

    --- Below this line is a copy of the message.

    Return-Path: <[email protected]>
    X-Spam-Score: 2.3
    X-Spam-Flag: NO
    X-Spam-Checker-Version: SpamAssassin 3.0.3-4115 (2005-04-23) on
    email.mepotelco.net
    X-Spam-Level: **
    X-Spam-Status: No, hits=2.3 required=5.0
    X-Spam-Processed-By: email.mepotelco.net
    X-Spam-Report: 2.3 points, 5.0 required
    * 0.8 MIME_BASE64_BLANKS RAW: Extra blank lines in base64 encoding
    * 1.5 T_EMPTY_MSG Email has no message body
    Received: from cpe-66-87-73-124.ca.sprintbbd.net ([66.87.73.124] helo=DDR2WK31)
    by pop-cowbird.atl.sa.earthlink.net with esmtp (Exim 3.36 #10)
    id 1F1Rbt-0001oP-00
    for [email protected]; Tue, 24 Jan 2006 12:05:38 -0500
    From: "Lois Cornell" <[email protected]>
    To: <[email protected]>
    Date: Tue, 24 Jan 2006 09:05:13 -0800
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    Content-Type: application/ms-tnef;
    name="winmail.dat"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="winmail.dat"
    X-Priority: 3 (Normal)
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook, Build 10.0.6626
    Importance: Normal
    X-MS-TNEF-Correlator: 000000001A99B25F95E3994B8FF59A3C013952D9A4BF3400
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    Subject: Not read: Fw:

    eJ8+IhcRAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAFwAAAFJFUE9S
    eJ8+VC5J
    UE0uTm90ZS5JUE5OUk4AtwYBDYAEAAIAAAACAAIAAQqAAQAhAAAAMUI3RUU3QzEyMTEwNTk0RDhD
    RkFEOURFREQ2REQwM0UAfwcBA5AGAMQCAAAZAAAACwAjAAAAAAALACkAAAAAAEAAMgBQBctsByHG
    AR4ASQABAAAAFgAAAFtOb3J0b24gQW50aVNwYW1dIEZ3OgAAAAIBTAABAAAARAAAAAAAAACBKx+k
    vqMQGZ1uAN0BD1QCAAABAEFsZHJpY2ggTmFkaW5lAFNNVFAAd21tdGxiZ3ptQG1lcG90ZWxjby5u
    ZXQAQABOAIDnihneIMYBQABVAIDLAbPVIMYBHgBwAAEAAAAWAAAAW05vcnRvbiBBbnRpU3BhbV0g
    Rnc6AAAAAgFxAAEAAAAWAAAAAcYhB2zLqJKOJcjDRhK7n8QoNFdf2wAAHgByAAEAAAABAAAAAAAA
    AB4AcwABAAAAAQAAAAAAAAAeAHQAAQAAABYAAABjZmFtaWx5QGl4Lm5ldGNvbS5jb20AAAALAAgM
    AAAAAAIBHQwBAAAAGwAAAFNNVFA6Q0ZBTUlMWUBJWC5ORVRDT00uQ09NAAALAAEOAQAAAAMAFA4A
    AAAAHgAoDgEAAAAyAAAAMDAwMDAwMDYBY2ZhbWlseUBpeC5uZXRjb20uY29tAUVhcnRobGluayBz
    dGFuZGFyZAAAAB4AKQ4BAAAAMgAAADAwMDAwMDA2AWNmYW1pbHlAaXgubmV0Y29tLmNvbQFFYXJ0
    aGxpbmsgc3RhbmRhcmQAAAAeAAEQAQAAABkAAABNZXNzYWdlIHdhcyBub3QgcmVhZCBieToAAAAA
    AgH4DwEAAAAQAAAAGpmyX5XjmUuP9Zo8ATlS2QIB+g8BAAAAEAAAABqZsl+V45lLj/WaPAE5
    AgH4DwEAAAAQAAAAGpmyX5XjmUuP9Zo8ATlS2QIB+g8BAAAAEAAAABqZsl+UtkD
    AP4PBQAAAAMADTT9NwIAAgEUNAEAAAAQAAAATklUQfm/uAEAqgA32W4AAAIBfwABAAAAMQAAADAw
    MDAwMDAwMUE5OUIyNUY5NUUzOTk0QjhGRjU5QTNDMDEzOTUyRDlBNEJGMzQwMAAAAADInw==



    I assume that there is some kind of worm causing this, but there is no sign of it in a full scan from Nortons. Thanks for any help you can provide
     
  2. lac

    lac Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    17
    This problem has occurred again. Here is the message that was bounced back from the different domain. Whatever help you can provide would be greatly appreciated.



    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

    [email protected]
    SMTP error from remote mailer after RCPT TO:<[email protected]>:
    host smtp-2.mail.lilly.com [40.33.1.1]: 550 5.7.1 unknown host or domain:
    [email protected]

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <[email protected]>
    Received: from cpe-66-87-73-124.ca.sprintbbd.net ([66.87.73.124] helo=DDR2WK31)
    by pop-altamira.atl.sa.earthlink.net with esmtp (Exim 3.36 #10)
    id 1F2ICb-00071N-00
    for [email protected]; Thu, 26 Jan 2006 20:15:01 -0500
    From: "Lois Cornell" <[email protected]>
    To: <[email protected]>
    Date: Thu, 26 Jan 2006 17:14:09 -0800
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    Content-Type: application/ms-tnef;
    name="winmail.dat"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="winmail.dat"
    X-Priority: 3 (Normal)
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook, Build 10.0.6626
    Importance: Normal
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    X-MS-TNEF-Correlator: 000000001A99B25F95E3994B8FF59A3C013952D9E4D63400
    Subject: Not read: Hey loiscornell

    eJ8+IiIBAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAFwAAAFJFUE9S
    eJ8+VC5J
    UE0uTm90ZS5JUE5OUk4AtwYBDYAEAAIAAAACAAIAAQqAAQAhAAAARTI3MjZDOTZDMEVDQTQ0MTkw
    QjcxN0ZGRkU0QzNFQzIAYgcBA5AGAOACAAAZAAAACwAjAAAAAAALACkAAAAAAEAAMgBQa89t2yLG
    AR4ASQABAAAAIgAAAFtOb3J0b24gQW50aVNwYW1dIEhleSBsb2lzY29ybmVsbAAAAAIBTAABAAAA
    QQAAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAABAGhvbGdndGlAbGlsbHkuY29tAFNNVFAAaG9s
    QQAAAAAAAACBKx+Z2d0
    aUBsaWxseS5jb20AAAAAQABOAADLCQqlIsYBQABVAABark7XIsYBHgBwAAEAAAAiAAAAW05vcnRv
    biBBbnRpU3BhbV0gSGV5IGxvaXNjb3JuZWxsAAAAAgFxAAEAAAAWAAAAAcYi223PQIXkajPjTLWc
    xt/yzoqpOAAAHgByAAEAAAABAAAAAAAAAB4AcwABAAAAAQAAAAAAAAAeAHQAAQAAABoAAABsb2lz
    Y29ybmVsbEBpeC5uZXRjb20uY29tAAAACwAIDAAAAAACAR0MAQAAABsAAABTTVRQOkNGQU1JTFlA
    SVguTkVUQ09NLkNPTQAACwABDgEAAAADABQOAAAAAB4AKA4BAAAAMgAAADAwMDAwMDA2AWNmYW1p
    bHlAaXgubmV0Y29tLmNvbQFFYXJ0aGxpbmsgc3RhbmRhcmQAAAAeACkOAQAAADIAAAAwMDAwMDAw
    NgFjZmFtaWx5QGl4Lm5ldGNvbS5jb20BRWFydGhsaW5rIHN0YW5kYXJkAAAAHgABEAEAAAAZAAAA
    TWVzc2FnZSB3YXMgbm90IHJlYWQgYnk6AAAAAAIB+A8BAAAAEAAAABqZsl+V45lLj/WaPAE5
    TWVzc2FnZSB3YXMgbm90IHJlYWQgYnk6AAAAAAIB+A8BAAAAEAAAABqZsl+UtkC
    AfoPAQAAABAAAAAambJfleOZS4/1mjwBOVLZAwD+DwUAAAADAA00/TcCAAIBFDQBAAAAEAAAAE5J
    VEH5v7gBAKoAN9luAAACAX8AAQAAADEAAAAwMDAwMDAwMDFBOTlCMjVGOTVFMzk5NEI4RkY1OUEz
    QzAxMzk1MkQ5RTRENjM0MDAAAAAATaw=



    Here is my Hijack This log:
    Logfile of HijackThis v1.99.1
    Scan saved at 5:59:29 PM, on 1/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\WINDOWS\System32\basfipm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
    C:\QUICKENW\QWDLLS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\WINZIP\WZQKPICK.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\mrtMngr.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0

    \Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec

    Shared\AdBlocking\NISShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0

    \Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton

    AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0

    \Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec

    Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton

    AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [bascstray] BascsTray.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WINZIP\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install032.exe
    O16 - DPF: {816118E7-8F44-458C-87E5-52B3649CEDB1} (PortalCom Control) - http://202.109.117.170/PortalAX02.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-

    secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -

    https://execunetevents.webex.com/client/latest/event/ieatgpc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-

    secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

    Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec

    Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec

    Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

    Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet

    Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec

    Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security

    Center\SymWSC.exe

    Thanks for whatever help you can give.
     
  3. TORB

    TORB

    Joined:
    Apr 15, 2004
    Messages:
    117
    As you have not had a rsponse here, and the problem is likely to be a worm, malwear or the like, and not an Outlook problem as such, I would post your question/problem in the security forum as well. There are lots of knowledgable people who read that who are likely to be able to help.
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Next log - In note pad goto FORMAT and check wordwrap

    I didn't see anything in that broken log so

    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  5. lac

    lac Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    17
    First of all, thanks for the response.

    I have not seen any evidence of this problem since I last submitted this thread.

    Here is the log for SpySweeper:

    ********
    5:00 PM: | Start of Session, Wednesday, February 01, 2006 |
    5:00 PM: Spy Sweeper started
    5:00 PM: Sweep initiated using definitions version 609
    5:00 PM: Starting Memory Sweep
    5:03 PM: Memory Sweep Complete, Elapsed Time: 00:03:15
    5:03 PM: Starting Registry Sweep
    5:03 PM: Found Trojan Horse: 2nd-thought
    5:03 PM: HKLM\software\microsoft\code store database\distribution units\{13197ace-6851-45c3-a7ff-c281324d5489}\ (8 subtraces) (ID = 102003)
    5:03 PM: HKU\WRSS_Profile_S-1-5-21-1576120997-1079071237-3427439624-1008\software\stc\ (1 subtraces) (ID = 102020)
    5:03 PM: HKU\S-1-5-21-1576120997-1079071237-3427439624-1005\software\stc\ (1 subtraces) (ID = 102020)
    5:04 PM: Registry Sweep Complete, Elapsed Time:00:00:13
    5:04 PM: Starting Cookie Sweep
    5:04 PM: Found Spy Cookie: sandboxer cookie
    5:04 PM: [email protected][1].txt (ID = 3282)
    5:04 PM: Found Spy Cookie: 2o7.net cookie
    5:04 PM: [email protected][2].txt (ID = 1958)
    5:04 PM: Found Spy Cookie: 203.199.200 cookie
    5:04 PM: [email protected][1].txt (ID = 1941)
    5:04 PM: [email protected][2].txt (ID = 1957)
    5:04 PM: Found Spy Cookie: falkag cookie
    5:04 PM: [email protected][1].txt (ID = 2650)
    5:04 PM: Found Spy Cookie: ad-logics cookie
    5:04 PM: [email protected][2].txt (ID = 2049)
    5:04 PM: Found Spy Cookie: adrevolver cookie
    5:04 PM: [email protected][2].txt (ID = 2088)
    5:04 PM: Found Spy Cookie: euniverseads cookie
    5:04 PM: [email protected][1].txt (ID = 2630)
    5:04 PM: Found Spy Cookie: specificpop cookie
    5:04 PM: [email protected][1].txt (ID = 3402)
    5:04 PM: Found Spy Cookie: advertising cookie
    5:04 PM: [email protected][1].txt (ID = 2175)
    5:04 PM: Found Spy Cookie: atlas dmt cookie
    5:04 PM: [email protected][2].txt (ID = 2253)
    5:04 PM: Found Spy Cookie: atwola cookie
    5:04 PM: [email protected][1].txt (ID = 2255)
    5:04 PM: Found Spy Cookie: bizrate cookie
    5:04 PM: [email protected][1].txt (ID = 2308)
    5:04 PM: Found Spy Cookie: bravenet cookie
    5:04 PM: [email protected][1].txt (ID = 2322)
    5:04 PM: Found Spy Cookie: porngraph cookie
    5:04 PM: [email protected][2].txt (ID = 3169)
    5:04 PM: Found Spy Cookie: centrport net cookie
    5:04 PM: [email protected][1].txt (ID = 2374)
    5:04 PM: Found Spy Cookie: commission junction cookie
    5:04 PM: [email protected][1].txt (ID = 2455)
    5:04 PM: Found Spy Cookie: sextracker cookie
    5:04 PM: [email protected][2].txt (ID = 3362)
    5:04 PM: [email protected][2].txt (ID = 3362)
    5:04 PM: [email protected][1].txt (ID = 3362)
    5:04 PM: [email protected][1].txt (ID = 3362)
    5:04 PM: [email protected][1].txt (ID = 3362)
    5:04 PM: [email protected][1].txt (ID = 3362)
    5:04 PM: [email protected][2].txt (ID = 3362)
    5:04 PM: [email protected][1].txt (ID = 3362)
    5:04 PM: [email protected][2].txt (ID = 3362)
    5:04 PM: Found Spy Cookie: webtrendslive cookie
    5:04 PM: [email protected]_2j2f[1].txt (ID = 3676)
    5:04 PM: Found Spy Cookie: belnk cookie
    5:04 PM: [email protected][2].txt (ID = 2293)
    5:04 PM: Found Spy Cookie: ru4 cookie
    5:04 PM: [email protected][1].txt (ID = 3269)
    5:04 PM: [email protected][2].txt (ID = 2629)
    5:04 PM: Found Spy Cookie: expage cookie
    5:04 PM: [email protected][1].txt (ID = 2637)
    5:04 PM: Found Spy Cookie: fastclick cookie
    5:04 PM: [email protected][2].txt (ID = 2651)
    5:04 PM: Found Spy Cookie: fortunecity cookie
    5:04 PM: [email protected][1].txt (ID = 2686)
    5:04 PM: Found Spy Cookie: kinghost cookie
    5:04 PM: [email protected][1].txt (ID = 2903)
    5:04 PM: Found Spy Cookie: mediaplex cookie
    5:04 PM: [email protected][1].txt (ID = 6442)
    5:04 PM: Found Spy Cookie: nextag cookie
    5:04 PM: [email protected][1].txt (ID = 5014)
    5:04 PM: Found Spy Cookie: paycounter cookie
    5:04 PM: [email protected][2].txt (ID = 3115)
    5:04 PM: Found Spy Cookie: mircx cookie
    5:04 PM: [email protected][1].txt (ID = 2998)
    5:04 PM: Found Spy Cookie: qksrv cookie
    5:04 PM: [email protected][1].txt (ID = 3213)
    5:04 PM: Found Spy Cookie: questionmarket cookie
    5:04 PM: [email protected][1].txt (ID = 3217)
    5:04 PM: Found Spy Cookie: realmedia cookie
    5:04 PM: [email protected][1].txt (ID = 3235)
    5:04 PM: Found Spy Cookie: rightmedia cookie
    5:04 PM: [email protected][2].txt (ID = 3259)
    5:04 PM: Found Spy Cookie: rn11 cookie
    5:04 PM: [email protected][1].txt (ID = 3261)
    5:04 PM: Found Spy Cookie: servedby advertising cookie
    5:04 PM: [email protected][1].txt (ID = 3335)
    5:04 PM: Found Spy Cookie: serving-sys cookie
    5:04 PM: [email protected][2].txt (ID = 3343)
    5:04 PM: Found Spy Cookie: sexlist cookie
    5:04 PM: [email protected][2].txt (ID = 3353)
    5:04 PM: [email protected][2].txt (ID = 3361)
    5:04 PM: [email protected][1].txt (ID = 3401)
    5:04 PM: Found Spy Cookie: targetnet cookie
    5:04 PM: [email protected][1].txt (ID = 3489)
    5:04 PM: Found Spy Cookie: tripod cookie
    5:04 PM: [email protected][1].txt (ID = 3591)
    5:04 PM: Found Spy Cookie: www.club-nikki cookie
    5:04 PM: [email protected][1].txt (ID = 2420)
    5:04 PM: Found Spy Cookie: xzoomy cookie
    5:04 PM: [email protected][1].txt (ID = 3742)
    5:04 PM: Found Spy Cookie: adserver cookie
    5:04 PM: [email protected][1].txt (ID = 2142)
    5:04 PM: [email protected][2].txt (ID = 3235)
    5:04 PM: Found Spy Cookie: tribalfusion cookie
    5:04 PM: [email protected][1].txt (ID = 3589)
    5:04 PM: [email protected][1].txt (ID = 1958)
    5:04 PM: Found Spy Cookie: 247realmedia cookie
    5:04 PM: [email protected][2].txt (ID = 1953)
    5:04 PM: [email protected][2].txt (ID = 1957)
    5:04 PM: Found Spy Cookie: 7search cookie
    5:04 PM: [email protected][2].txt (ID = 2011)
    5:04 PM: Found Spy Cookie: websponsors cookie
    5:04 PM: [email protected][2].txt (ID = 3665)
    5:04 PM: Found Spy Cookie: about cookie
    5:04 PM: [email protected][2].txt (ID = 2037)
    5:04 PM: [email protected][2].txt (ID = 2049)
    5:04 PM: Found Spy Cookie: yieldmanager cookie
    5:04 PM: [email protected][2].txt (ID = 3751)
    5:04 PM: Found Spy Cookie: adbureau cookie
    5:04 PM: [email protected][2].txt (ID = 2060)
    5:04 PM: [email protected][1].txt (ID = 2038)
    5:04 PM: Found Spy Cookie: specificclick.com cookie
    5:04 PM: [email protected][2].txt (ID = 3400)
    5:04 PM: [email protected][2].txt (ID = 2088)
    5:04 PM: [email protected][3].txt (ID = 2088)
    5:04 PM: Found Spy Cookie: addynamix cookie
    5:04 PM: [email protected][2].txt (ID = 2062)
    5:04 PM: Found Spy Cookie: ads.businessweek cookie
    5:04 PM: [email protected][1].txt (ID = 2113)
    5:04 PM: Found Spy Cookie: enliven cookie
    5:04 PM: [email protected][1].txt (ID = 2615)
    5:04 PM: [email protected][2].txt (ID = 2630)
    5:04 PM: Found Spy Cookie: pointroll cookie
    5:04 PM: [email protected][2].txt (ID = 3148)
    5:04 PM: [email protected][2].txt (ID = 3402)
    5:04 PM: Found Spy Cookie: ads.trafficvenue.net cookie
    5:04 PM: [email protected][1].txt (ID = 2131)
    5:04 PM: Found Spy Cookie: x10 cookie
    5:04 PM: [email protected][2].txt (ID = 3712)
    5:04 PM: Found Spy Cookie: ads360 cookie
    5:04 PM: [email protected][1].txt (ID = 2095)
    5:04 PM: Found Spy Cookie: adserver.trb cookie
    5:04 PM: [email protected][1].txt (ID = 2147)
    5:04 PM: Found Spy Cookie: adtech cookie
    5:04 PM: [email protected][2].txt (ID = 2155)
    5:04 PM: [email protected][1].txt (ID = 2175)
    5:04 PM: [email protected][2].txt (ID = 2175)
    5:04 PM: Found Spy Cookie: apmebf cookie
    5:04 PM: [email protected][2].txt (ID = 2229)
    5:04 PM: [email protected][2].txt (ID = 2038)
    5:04 PM: [email protected][1].txt (ID = 1958)
    5:04 PM: [email protected][2].txt (ID = 2650)
    5:04 PM: Found Spy Cookie: ask cookie
    5:04 PM: [email protected][1].txt (ID = 2245)
    5:04 PM: [email protected][2].txt (ID = 2253)
    5:04 PM: Found Spy Cookie: dealtime cookie
    5:04 PM: [email protected][1].txt (ID = 2506)
    5:04 PM: [email protected][2].txt (ID = 2255)
    5:04 PM: Found Spy Cookie: a cookie
    5:04 PM: [email protected][2].txt (ID = 2027)
    5:04 PM: Found Spy Cookie: bannerspace cookie
    5:04 PM: [email protected][1].txt (ID = 2284)
    5:04 PM: Found Spy Cookie: banner cookie
    5:04 PM: [email protected][1].txt (ID = 2276)
    5:04 PM: [email protected][1].txt (ID = 2292)
    5:04 PM: Found Spy Cookie: belointeractive cookie
    5:04 PM: [email protected][2].txt (ID = 2294)
    5:04 PM: [email protected][1].txt (ID = 2308)
    5:04 PM: Found Spy Cookie: bluestreak cookie
    5:04 PM: [email protected][2].txt (ID = 2314)
    5:04 PM: [email protected][1].txt (ID = 2322)
    5:04 PM: Found Spy Cookie: bs.serving-sys cookie
    5:04 PM: [email protected][2].txt (ID = 2330)
    5:04 PM: [email protected][2].txt (ID = 2038)
    5:04 PM: Found Spy Cookie: casalemedia cookie
    5:04 PM: [email protected][2].txt (ID = 2354)
    5:04 PM: [email protected][1].txt (ID = 2374)
    5:04 PM: [email protected][1].txt (ID = 2038)
    5:04 PM: Found Spy Cookie: techtarget cookie
    5:04 PM: [email protected][2].txt (ID = 3500)
    5:04 PM: Found Spy Cookie: clickbank cookie
    5:04 PM: [email protected][2].txt (ID = 2398)
    5:04 PM: [email protected][1].txt (ID = 2455)
    5:04 PM: Found Spy Cookie: coolsavings cookie
    5:04 PM: [email protected][1].txt (ID = 2465)
    5:04 PM: Found Spy Cookie: hitslink cookie
    5:04 PM: [email protected][2].txt (ID = 2790)
    5:04 PM: [email protected][1].txt (ID = 3362)
    5:04 PM: [email protected][1].txt (ID = 2790)
    5:04 PM: Found Spy Cookie: counter cookie
    5:04 PM: [email protected][1].txt (ID = 2477)
    5:04 PM: [email protected][2].txt (ID = 2060)
    5:04 PM: Found Spy Cookie: 360i cookie
    5:04 PM: [email protected][2].txt (ID = 1962)
    5:04 PM: Found Spy Cookie: customer cookie
    5:04 PM: [email protected][1].txt (ID = 2481)
    5:04 PM: Found Spy Cookie: coremetrics cookie
    5:04 PM: [email protected][1].txt (ID = 2472)
    5:04 PM: Found Spy Cookie: overture cookie
    5:04 PM: [email protected][2].txt (ID = 3106)
    5:04 PM: [email protected][2].txt (ID = 3106)
    5:04 PM: [email protected]_8j7n[2].txt (ID = 3673)
    5:04 PM: [email protected][2].txt (ID = 2505)
    5:04 PM: Found Spy Cookie: did-it cookie
    5:04 PM: [email protected][2].txt (ID = 2523)
    5:04 PM: [email protected][2].txt (ID = 2293)
    5:04 PM: [email protected][1].txt (ID = 3269)
    5:04 PM: [email protected][1].txt (ID = 2629)
    5:04 PM: Found Spy Cookie: exitexchange cookie
    5:04 PM: [email protected][2].txt (ID = 2633)
    5:04 PM: [email protected][2].txt (ID = 2651)
    5:04 PM: Found Spy Cookie: fastcompany cookie
    5:04 PM: [email protected][2].txt (ID = 2655)
    5:04 PM: Found Spy Cookie: findwhat cookie
    5:04 PM: [email protected][1].txt (ID = 2674)
    5:04 PM: Found Spy Cookie: gamespy cookie
    5:04 PM: [email protected][2].txt (ID = 2719)
    5:04 PM: Found Spy Cookie: gator cookie
    5:04 PM: [email protected][1].txt (ID = 2722)
    5:04 PM: [email protected][1].txt (ID = 2038)
    5:04 PM: Found Spy Cookie: gotoast cookie
    5:04 PM: [email protected][1].txt (ID = 2751)
    5:04 PM: Found Spy Cookie: go.com cookie
    5:04 PM: [email protected][2].txt (ID = 2728)
    5:04 PM: Found Spy Cookie: humanclick cookie
    5:04 PM: [email protected][2].txt (ID = 2810)
    5:04 PM: Found Spy Cookie: homestore cookie
    5:04 PM: [email protected][2].txt (ID = 2793)
    5:04 PM: Found Spy Cookie: hypertracker.com cookie
    5:04 PM: [email protected][2].txt (ID = 2817)
    5:04 PM: Found Spy Cookie: ic-live cookie
    5:04 PM: [email protected][1].txt (ID = 2821)
    5:04 PM: [email protected][2].txt (ID = 2060)
    5:04 PM: Found Spy Cookie: infospace cookie
    5:04 PM: [email protected][2].txt (ID = 2865)
    5:04 PM: Found Spy Cookie: kount cookie
    5:04 PM: [email protected][2].txt (ID = 2911)
    5:04 PM: Found Spy Cookie: l2m.net cookie
    5:04 PM: [email protected][1].txt (ID = 2913)
    5:04 PM: Found Spy Cookie: domainsponsor cookie
    5:04 PM: [email protected][1].txt (ID = 2535)
    5:04 PM: Found Spy Cookie: netster cookie
    5:04 PM: [email protected][1].txt (ID = 3072)
    5:04 PM: Found Spy Cookie: linksynergy cookie
    5:04 PM: [email protected][2].txt (ID = 2926)
    5:04 PM: Found Spy Cookie: maxserving cookie
    5:04 PM: [email protected][2].txt (ID = 2966)
    5:04 PM: [email protected][1].txt (ID = 2652)
    5:04 PM: [email protected][2].txt (ID = 6442)
    5:04 PM: [email protected][1].txt (ID = 2038)
    5:04 PM: Found Spy Cookie: metareward.com cookie
    5:04 PM: [email protected][1].txt (ID = 2990)
    5:04 PM: [email protected][1].txt (ID = 2729)
    5:04 PM: [email protected][2].txt (ID = 2038)
    5:04 PM: [email protected][1].txt (ID = 5014)
    5:04 PM: Found Spy Cookie: netratingsselect cookie
    5:04 PM: [email protected][2].txt (ID = 3065)
    5:04 PM: [email protected][1].txt (ID = 1958)
    5:04 PM: [email protected]re[1].txt (ID = 3105)
    5:04 PM: [email protected][1].txt (ID = 2038)
    5:04 PM: Found Spy Cookie: paypopup cookie
    5:04 PM: [email protected][1].txt (ID = 3119)
    5:04 PM: Found Spy Cookie: pcstats.com cookie
    5:04 PM: [email protected][1].txt (ID = 3125)
    5:04 PM: [email protected][1].txt (ID = 3106)
    5:04 PM: [email protected][2].txt (ID = 2060)
    5:04 PM: [email protected][2].txt (ID = 3147)
    5:04 PM: Found Spy Cookie: pricegrabber cookie
    5:04 PM: [email protected][2].txt (ID = 3185)
    5:04 PM: Found Spy Cookie: pro-market cookie
    5:04 PM: [email protected][1].txt (ID = 3197)
    5:04 PM: [email protected][1].txt (ID = 3213)
    5:04 PM: Found Spy Cookie: qsrch cookie
    5:04 PM: [email protected][2].txt (ID = 3215)
    5:04 PM: [email protected][2].txt (ID = 3217)
    5:04 PM: Found Spy Cookie: rc cookie
    5:04 PM: [email protected][1].txt (ID = 3231)
    5:04 PM: [email protected][2].txt (ID = 3235)
    5:04 PM: Found Spy Cookie: revenue.net cookie
    5:04 PM: [email protected][1].txt (ID = 3257)
    5:04 PM: [email protected][1].txt (ID = 3259)
    5:04 PM: Found Spy Cookie: domain sponsor cookie
    5:04 PM: [email protected][2].txt (ID = 2534)
    5:04 PM: [email protected][1].txt (ID = 3500)
    5:04 PM: [email protected][1].txt (ID = 3500)
    5:04 PM: [email protected][2].txt (ID = 3500)
    5:04 PM: [email protected][1].txt (ID = 2534)
    5:04 PM: [email protected][2].txt (ID = 3500)
    5:04 PM: [email protected][2].txt (ID = 3500)
    5:04 PM: [email protected][2].txt (ID = 3500)
    5:04 PM: [email protected][1].txt (ID = 3500)
    5:04 PM: Found Spy Cookie: server.iad.liveperson cookie
    5:04 PM: [email protected][2].txt (ID = 3341)
    5:04 PM: Found Spy Cookie: web-stat cookie
    5:04 PM: [email protected][2].txt (ID = 3649)
    5:04 PM: [email protected][1].txt (ID = 3649)
    5:04 PM: [email protected][1].txt (ID = 3343)
    5:04 PM: Found Spy Cookie: servlet cookie
    5:04 PM: [email protected][1].txt (ID = 3345)
    5:04 PM: [email protected][2].txt (ID = 3345)
    5:04 PM: [email protected][1].txt (ID = 3361)
    5:04 PM: [email protected][1].txt (ID = 2038)
    5:04 PM: [email protected][2].txt (ID = 3401)
    5:04 PM: [email protected][1].txt (ID = 2729)
    5:04 PM: Found Spy Cookie: spylog cookie
    5:04 PM: [email protected][1].txt (ID = 3415)
    5:04 PM: Found Spy Cookie: st.sageanalyst cookie
    5:04 PM: [email protected][1].txt (ID = 3436)
    5:04 PM: Found Spy Cookie: starware.com cookie
    5:04 PM: [email protected][2].txt (ID = 3441)
    5:04 PM: [email protected][2].txt (ID = 2506)
    5:04 PM: Found Spy Cookie: onestat.com cookie
    5:04 PM: [email protected][2].txt (ID = 3098)
    5:04 PM: Found Spy Cookie: statcounter cookie
    5:04 PM: [email protected][1].txt (ID = 3447)
    5:04 PM: Found Spy Cookie: stats.klsoft.com cookie
    5:04 PM: [email protected][1].txt (ID = 3451)
    5:04 PM: Found Spy Cookie: clicktracks cookie
    5:04 PM: [email protected][2].txt (ID = 2407)
    5:04 PM: [email protected][2].txt (ID = 3667)
    5:04 PM: [email protected][1].txt (ID = 3500)
    5:04 PM: [email protected][2].txt (ID = 2295)
    5:04 PM: [email protected][1].txt (ID = 2472)
    5:04 PM: Found Spy Cookie: tickle cookie
    5:04 PM: [email protected][1].txt (ID = 3529)
    5:04 PM: Found Spy Cookie: tmpad cookie
    5:04 PM: [email protected][2].txt (ID = 3545)
    5:04 PM: Found Spy Cookie: tracking cookie
    5:04 PM: [email protected][1].txt (ID = 3571)
    5:04 PM: [email protected][2].txt (ID = 3571)
    5:04 PM: Found Spy Cookie: tradedoubler cookie
    5:04 PM: [email protected][2].txt (ID = 3575)
    5:04 PM: Found Spy Cookie: trafficmp cookie
    5:04 PM: [email protected][1].txt (ID = 3581)
    5:04 PM: [email protected][2].txt (ID = 3589)
    5:04 PM: [email protected][2].txt (ID = 2060)
    5:04 PM: [email protected][1].txt (ID = 3500)
    5:04 PM: [email protected][1].txt (ID = 2472)
    5:04 PM: Found Spy Cookie: valuead cookie
    5:04 PM: [email protected][2].txt (ID = 3626)
    5:04 PM: [email protected][2].txt (ID = 2038)
    5:04 PM: [email protected][1].txt (ID = 3648)
    5:04 PM: [email protected][1].txt (ID = 3500)
    5:04 PM: Found Spy Cookie: wirefly cookie
    5:04 PM: [email protected][1].txt (ID = 3693)
    5:04 PM: Found Spy Cookie: 123count cookie
    5:04 PM: [email protected][2].txt (ID = 1928)
    5:04 PM: Found Spy Cookie: adminder cookie
    5:04 PM: [email protected][2].txt (ID = 2079)
    5:04 PM: [email protected][2].txt (ID = 2657)
    5:04 PM: Found Spy Cookie: myaffiliateprogram.com cookie
    5:04 PM: [email protected][2].txt (ID = 3032)
    5:04 PM: Found Spy Cookie: screensavers.com cookie
    5:04 PM: [email protected][2].txt (ID = 3298)
    5:04 PM: [email protected][2].txt (ID = 3649)
    5:04 PM: [email protected][1].txt (ID = 3694)
    5:04 PM: [email protected][2].txt (ID = 3120)
    5:04 PM: Found Spy Cookie: xiti cookie
    5:04 PM: [email protected][1].txt (ID = 3717)
    5:04 PM: Found Spy Cookie: xxxcounter cookie
    5:04 PM: [email protected][1].txt (ID = 3733)
    5:04 PM: [email protected][1].txt (ID = 2142)
    5:04 PM: Found Spy Cookie: zedo cookie
    5:04 PM: [email protected][2].txt (ID = 3762)
    5:04 PM: Cookie Sweep Complete, Elapsed Time: 00:00:32
    5:04 PM: Starting File Sweep
    5:04 PM: c:\program files\common files\slmss (ID = -2147481537)
    5:32 PM: Found Adware: tibs dialer
    5:32 PM: xxx.lnk (ID = 79520)
    5:33 PM: dc8.lnk (ID = 48314)
    5:37 PM: File Sweep Complete, Elapsed Time: 00:33:13
    5:37 PM: Full Sweep has completed. Elapsed time 00:37:24
    5:37 PM: Traces Found: 242
    5:40 PM: Removal process initiated
    5:40 PM: Quarantining All Traces: 2nd-thought
    5:40 PM: Quarantining All Traces: tibs dialer
    5:40 PM: Quarantining All Traces: 123count cookie
    5:40 PM: Quarantining All Traces: 203.199.200 cookie
    5:40 PM: Quarantining All Traces: 247realmedia cookie
    5:40 PM: Quarantining All Traces: 2o7.net cookie
    5:40 PM: Quarantining All Traces: 360i cookie
    5:40 PM: Quarantining All Traces: 7search cookie
    5:40 PM: Quarantining All Traces: a cookie
    5:40 PM: Quarantining All Traces: about cookie
    5:40 PM: Quarantining All Traces: adbureau cookie
    5:40 PM: Quarantining All Traces: addynamix cookie
    5:40 PM: Quarantining All Traces: ad-logics cookie
    5:40 PM: Quarantining All Traces: adminder cookie
    5:40 PM: Quarantining All Traces: adrevolver cookie
    5:40 PM: Quarantining All Traces: ads.businessweek cookie
    5:40 PM: Quarantining All Traces: ads.trafficvenue.net cookie
    5:40 PM: Quarantining All Traces: ads360 cookie
    5:40 PM: Quarantining All Traces: adserver cookie
    5:40 PM: Quarantining All Traces: adserver.trb cookie
    5:40 PM: Quarantining All Traces: adtech cookie
    5:40 PM: Quarantining All Traces: advertising cookie
    5:40 PM: Quarantining All Traces: apmebf cookie
    5:40 PM: Quarantining All Traces: ask cookie
    5:40 PM: Quarantining All Traces: atlas dmt cookie
    5:40 PM: Quarantining All Traces: atwola cookie
    5:40 PM: Quarantining All Traces: banner cookie
    5:40 PM: Quarantining All Traces: bannerspace cookie
    5:40 PM: Quarantining All Traces: belnk cookie
    5:40 PM: Quarantining All Traces: belointeractive cookie
    5:40 PM: Quarantining All Traces: bizrate cookie
    5:40 PM: Quarantining All Traces: bluestreak cookie
    5:40 PM: Quarantining All Traces: bravenet cookie
    5:40 PM: Quarantining All Traces: bs.serving-sys cookie
    5:40 PM: Quarantining All Traces: casalemedia cookie
    5:40 PM: Quarantining All Traces: centrport net cookie
    5:40 PM: Quarantining All Traces: clickbank cookie
    5:40 PM: Quarantining All Traces: clicktracks cookie
    5:40 PM: Quarantining All Traces: commission junction cookie
    5:40 PM: Quarantining All Traces: coolsavings cookie
    5:40 PM: Quarantining All Traces: coremetrics cookie
    5:40 PM: Quarantining All Traces: counter cookie
    5:40 PM: Quarantining All Traces: customer cookie
    5:40 PM: Quarantining All Traces: dealtime cookie
    5:40 PM: Quarantining All Traces: did-it cookie
    5:40 PM: Quarantining All Traces: domain sponsor cookie
    5:40 PM: Quarantining All Traces: domainsponsor cookie
    5:40 PM: Quarantining All Traces: enliven cookie
    5:40 PM: Quarantining All Traces: euniverseads cookie
    5:40 PM: Quarantining All Traces: exitexchange cookie
    5:40 PM: Quarantining All Traces: expage cookie
    5:40 PM: Quarantining All Traces: falkag cookie
    5:40 PM: Quarantining All Traces: fastclick cookie
    5:40 PM: Quarantining All Traces: fastcompany cookie
    5:40 PM: Quarantining All Traces: findwhat cookie
    5:40 PM: Quarantining All Traces: fortunecity cookie
    5:40 PM: Quarantining All Traces: gamespy cookie
    5:40 PM: Quarantining All Traces: gator cookie
    5:40 PM: Quarantining All Traces: go.com cookie
    5:40 PM: Quarantining All Traces: gotoast cookie
    5:40 PM: Quarantining All Traces: hitslink cookie
    5:40 PM: Quarantining All Traces: homestore cookie
    5:40 PM: Quarantining All Traces: humanclick cookie
    5:40 PM: Quarantining All Traces: hypertracker.com cookie
    5:40 PM: Quarantining All Traces: ic-live cookie
    5:40 PM: Quarantining All Traces: infospace cookie
    5:40 PM: Quarantining All Traces: kinghost cookie
    5:40 PM: Quarantining All Traces: kount cookie
    5:40 PM: Quarantining All Traces: l2m.net cookie
    5:40 PM: Quarantining All Traces: linksynergy cookie
    5:40 PM: Quarantining All Traces: maxserving cookie
    5:40 PM: Quarantining All Traces: mediaplex cookie
    5:40 PM: Quarantining All Traces: metareward.com cookie
    5:40 PM: Quarantining All Traces: mircx cookie
    5:40 PM: Quarantining All Traces: myaffiliateprogram.com cookie
    5:40 PM: Quarantining All Traces: netratingsselect cookie
    5:40 PM: Quarantining All Traces: netster cookie
    5:40 PM: Quarantining All Traces: nextag cookie
    5:40 PM: Quarantining All Traces: onestat.com cookie
    5:40 PM: Quarantining All Traces: overture cookie
    5:40 PM: Quarantining All Traces: paycounter cookie
    5:40 PM: Quarantining All Traces: paypopup cookie
    5:40 PM: Quarantining All Traces: pcstats.com cookie
    5:40 PM: Quarantining All Traces: pointroll cookie
    5:40 PM: Quarantining All Traces: porngraph cookie
    5:40 PM: Quarantining All Traces: pricegrabber cookie
    5:40 PM: Quarantining All Traces: pro-market cookie
    5:40 PM: Quarantining All Traces: qksrv cookie
    5:40 PM: Quarantining All Traces: qsrch cookie
    5:40 PM: Quarantining All Traces: questionmarket cookie
    5:40 PM: Quarantining All Traces: rc cookie
    5:40 PM: Quarantining All Traces: realmedia cookie
    5:40 PM: Quarantining All Traces: revenue.net cookie
    5:40 PM: Quarantining All Traces: rightmedia cookie
    5:40 PM: Quarantining All Traces: rn11 cookie
    5:40 PM: Quarantining All Traces: ru4 cookie
    5:40 PM: Quarantining All Traces: sandboxer cookie
    5:40 PM: Quarantining All Traces: screensavers.com cookie
    5:40 PM: Quarantining All Traces: servedby advertising cookie
    5:40 PM: Quarantining All Traces: server.iad.liveperson cookie
    5:40 PM: Quarantining All Traces: serving-sys cookie
    5:40 PM: Quarantining All Traces: servlet cookie
    5:40 PM: Quarantining All Traces: sexlist cookie
    5:40 PM: Quarantining All Traces: sextracker cookie
    5:40 PM: Quarantining All Traces: specificclick.com cookie
    5:40 PM: Quarantining All Traces: specificpop cookie
    5:40 PM: Quarantining All Traces: spylog cookie
    5:40 PM: Quarantining All Traces: st.sageanalyst cookie
    5:40 PM: Quarantining All Traces: starware.com cookie
    5:40 PM: Quarantining All Traces: statcounter cookie
    5:40 PM: Quarantining All Traces: stats.klsoft.com cookie
    5:40 PM: Quarantining All Traces: targetnet cookie
    5:40 PM: Quarantining All Traces: techtarget cookie
    5:40 PM: Quarantining All Traces: tickle cookie
    5:40 PM: Quarantining All Traces: tmpad cookie
    5:40 PM: Quarantining All Traces: tracking cookie
    5:40 PM: Quarantining All Traces: tradedoubler cookie
    5:40 PM: Quarantining All Traces: trafficmp cookie
    5:40 PM: Quarantining All Traces: tribalfusion cookie
    5:40 PM: Quarantining All Traces: tripod cookie
    5:40 PM: Quarantining All Traces: valuead cookie
    5:40 PM: Quarantining All Traces: websponsors cookie
    5:40 PM: Quarantining All Traces: web-stat cookie
    5:40 PM: Quarantining All Traces: webtrendslive cookie
    5:40 PM: Quarantining All Traces: wirefly cookie
    5:40 PM: Quarantining All Traces: www.club-nikki cookie
    5:40 PM: Quarantining All Traces: x10 cookie
    5:40 PM: Quarantining All Traces: xiti cookie
    5:40 PM: Quarantining All Traces: xxxcounter cookie
    5:40 PM: Quarantining All Traces: xzoomy cookie
    5:40 PM: Quarantining All Traces: yieldmanager cookie
    5:40 PM: Quarantining All Traces: zedo cookie
    5:40 PM: Removal process completed. Elapsed time 00:00:51
    ********
    4:58 PM: | Start of Session, Wednesday, February 01, 2006 |
    4:58 PM: Spy Sweeper started
    4:59 PM: Your spyware definitions have been updated.
    5:00 PM: | End of Session, Wednesday, February 01, 2006 |
     
  6. lac

    lac Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    17
    Here is the Hijack this log.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:46:54 PM, on 2/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
    C:\QUICKENW\QWDLLS.EXE
    C:\Program Files\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\system32\mrtMngr.EXE
    C:\WINDOWS\System32\basfipm.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [bascstray] BascsTray.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WINZIP\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {816118E7-8F44-458C-87E5-52B3649CEDB1} (PortalCom Control) - http://202.109.117.170/PortalAX02.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://execunetevents.webex.com/client/latest/event/ieatgpc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Log looks fine - there was a few things in the SS log so maybe that cleared it for u
     
  8. lac

    lac Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    17
    THanks a bunch.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/436861

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice