
Solved: Slow web surfing and PC slow in general

Discussion in 'Virus & Other Malware Removal' started by wmacmanus, Jul 29, 2006.

  1. wmacmanus

    wmacmanus Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    24
    Hi,
    My PC has slowed to a crawl in the past few weeks. About six months ago I got a high-speed cable connection and it was very fast, not now though. :confused:

    I read through a bunch of threads and know it all starts with the HJT log, so here it is. Thanks in advance for your efforts.

    Regards,
    wmac

    Logfile of HijackThis v1.99.1
    Scan saved at 9:09:14 PM, on 7/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5450.0004)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\Windows\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Windows\system32\nvsvc32.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\devldr32.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\HijackThis\hijackthis\HijackThis.exe
    C:\Windows\system32\taskmgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
    O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
    O3 - Toolbar: FingerSystem IE Memo - {8D13872E-6174-49C1-B8D2-793F90CCAFAC} - C:\Program Files\Finger System Inc\Fingersystem Ipen Driver\FGIeMemo.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Microsoft WinSound] mkyxcghm.exe
    O4 - HKLM\..\Run: [GGZcJAf] C:\documents and settings\heidi macmanus\local settings\temp\GGZcJAf.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunServices: [Microsoft WinUpdate] qjabssbvox.exe
    O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
    O4 - HKLM\..\RunServices: [Microsoft WinSound] mkyxcghm.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft WinSound] mkyxcghm.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.library.esc.edu/support/plugins/ebraryRdr.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17362e5515f8649b7819/netzip/RdxIE601.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab
    O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits
    * Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  3. wmacmanus

    wmacmanus Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    24
    Hi MFDnNC,
    The Spy Sweeper log is longer than 30000 characters so it will not let me post it in one piece. I will break it into two posts and reference each piece as 'Spy Sweeper log 060730 part 1' and 'Spy Sweeper log 060730 part 2'. Third I will post the HJT log. Thanks.

    Regards,
    wmac
     
  4. wmacmanus

    wmacmanus Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    24
    Spy Sweeper log 060730 part 1:

    12:42 PM: Removal process completed. Elapsed time 00:00:39
    12:42 PM: Quarantining All Traces: ysbweb cookie
    12:42 PM: Quarantining All Traces: sidefind cookie
    12:42 PM: Quarantining All Traces: toprebates.com cookie
    12:42 PM: Quarantining All Traces: xxxtoolbar cookie
    12:42 PM: Quarantining All Traces: adserver cookie
    12:42 PM: Quarantining All Traces: valuead cookie
    12:42 PM: Quarantining All Traces: coremetrics cookie
    12:42 PM: Quarantining All Traces: trafficmp cookie
    12:42 PM: Quarantining All Traces: tradedoubler cookie
    12:42 PM: Quarantining All Traces: clicktracks cookie
    12:42 PM: Quarantining All Traces: statcounter cookie
    12:42 PM: Quarantining All Traces: mediaplex cookie
    12:42 PM: Quarantining All Traces: linksynergy cookie
    12:42 PM: Quarantining All Traces: centrport net cookie
    12:42 PM: Quarantining All Traces: zedo cookie
    12:42 PM: Quarantining All Traces: bluestreak cookie
    12:42 PM: Quarantining All Traces: falkag cookie
    12:42 PM: Quarantining All Traces: advertising cookie
    12:42 PM: Quarantining All Traces: pointroll cookie
    12:42 PM: Quarantining All Traces: addynamix cookie
    12:42 PM: Quarantining All Traces: 247realmedia cookie
    12:42 PM: Quarantining All Traces: webtrendslive cookie
    12:42 PM: Quarantining All Traces: atlas dmt cookie
    12:42 PM: Quarantining All Traces: xren_cj cookie
    12:42 PM: Quarantining All Traces: xiti cookie
    12:42 PM: Quarantining All Traces: claxonmedia cookie
    12:42 PM: Quarantining All Traces: wirefly cookie
    12:42 PM: Quarantining All Traces: screensavers.com cookie
    12:42 PM: Quarantining All Traces: redzip cookie
    12:42 PM: Quarantining All Traces: freepassbucks cookie
    12:42 PM: Quarantining All Traces: burstbeacon cookie
    12:42 PM: Quarantining All Traces: webpower cookie
    12:42 PM: Quarantining All Traces: videodome cookie
    12:42 PM: Quarantining All Traces: uproar cookie
    12:42 PM: Quarantining All Traces: reliablestats cookie
    12:42 PM: Quarantining All Traces: dealtime cookie
    12:42 PM: Quarantining All Traces: serving-sys cookie
    12:42 PM: Quarantining All Traces: web-stat cookie
    12:42 PM: Quarantining All Traces: adjuggler cookie
    12:42 PM: Quarantining All Traces: directtrack cookie
    12:42 PM: Quarantining All Traces: questionmarket cookie
    12:42 PM: Quarantining All Traces: partypoker cookie
    12:42 PM: Quarantining All Traces: outster cookie
    12:42 PM: Quarantining All Traces: offeroptimizer cookie
    12:42 PM: Quarantining All Traces: nextag cookie
    12:42 PM: Quarantining All Traces: realmedia cookie
    12:42 PM: Quarantining All Traces: aptimus cookie
    12:42 PM: Quarantining All Traces: mygeek cookie
    12:42 PM: Quarantining All Traces: military cookie
    12:42 PM: Quarantining All Traces: adrevolver cookie
    12:42 PM: Quarantining All Traces: webtrends cookie
    12:42 PM: Quarantining All Traces: kmpads cookie
    12:42 PM: Quarantining All Traces: kinghost cookie
    12:42 PM: Quarantining All Traces: sb01 cookie
    12:42 PM: Quarantining All Traces: inqwire cookie
    12:42 PM: Quarantining All Traces: infospace cookie
    12:42 PM: Quarantining All Traces: imlive.com cookie
    12:42 PM: Quarantining All Traces: ic-live cookie
    12:42 PM: Quarantining All Traces: hypertracker.com cookie
    12:42 PM: Quarantining All Traces: homestore cookie
    12:42 PM: Quarantining All Traces: clickandtrack cookie
    12:42 PM: Quarantining All Traces: starware.com cookie
    12:42 PM: Quarantining All Traces: goldenpalace cookie
    12:42 PM: Quarantining All Traces: wegcash cookie
    12:42 PM: Quarantining All Traces: fastclick cookie
    12:42 PM: Quarantining All Traces: ru4 cookie
    12:42 PM: Quarantining All Traces: did-it cookie
    12:42 PM: Quarantining All Traces: overture cookie
    12:42 PM: Quarantining All Traces: clickzs cookie
    12:42 PM: Quarantining All Traces: paypopup cookie
    12:42 PM: Quarantining All Traces: exitexchange cookie
    12:42 PM: Quarantining All Traces: coolsavings cookie
    12:42 PM: Quarantining All Traces: classmates cookie
    12:42 PM: Quarantining All Traces: ccbill cookie
    12:42 PM: Quarantining All Traces: cassava cookie
    12:42 PM: Quarantining All Traces: enhance cookie
    12:42 PM: Quarantining All Traces: burstnet cookie
    12:42 PM: Quarantining All Traces: bizrate cookie
    12:42 PM: Quarantining All Traces: bannerspace cookie
    12:42 PM: Quarantining All Traces: azjmp cookie
    12:42 PM: Quarantining All Traces: atwola cookie
    12:42 PM: Quarantining All Traces: belnk cookie
    12:42 PM: Quarantining All Traces: ask cookie
    12:42 PM: Quarantining All Traces: askmen cookie
    12:42 PM: Quarantining All Traces: casalemedia cookie
    12:42 PM: Quarantining All Traces: tacoda cookie
    12:42 PM: Quarantining All Traces: reunion cookie
    12:42 PM: Quarantining All Traces: primaryads cookie
    12:42 PM: Quarantining All Traces: adultrevenueservice cookie
    12:42 PM: Quarantining All Traces: adultfriendfinder cookie
    12:42 PM: Quarantining All Traces: cc214142 cookie
    12:42 PM: Quarantining All Traces: specificclick.com cookie
    12:42 PM: Quarantining All Traces: hotbar cookie
    12:42 PM: Quarantining All Traces: hbmediapro cookie
    12:42 PM: Quarantining All Traces: adlegend cookie
    12:42 PM: Quarantining All Traces: adknowledge cookie
    12:42 PM: Quarantining All Traces: adecn cookie
    12:42 PM: Quarantining All Traces: yieldmanager cookie
    12:42 PM: Quarantining All Traces: about cookie
    12:42 PM: Quarantining All Traces: go.com cookie
    12:42 PM: Quarantining All Traces: websponsors cookie
    12:42 PM: Quarantining All Traces: tribalfusion cookie
    12:42 PM: Quarantining All Traces: 888 cookie
    12:42 PM: Quarantining All Traces: 2o7.net cookie
    12:42 PM: Quarantining All Traces: ist powerscan
    12:42 PM: Quarantining All Traces: wildmedia
    12:41 PM: Removal process initiated
     
  5. wmacmanus

    wmacmanus Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    24
    Spy Sweeper log 060730 part 2:

    12:35 PM: Traces Found: 205
    12:35 PM: Full Sweep has completed. Elapsed time 00:32:16
    12:35 PM: File Sweep Complete, Elapsed Time: 00:28:38
    12:28 PM: Warning: Failed to access drive E:
    12:28 PM: Warning: Failed to access drive D:
    12:27 PM: Warning: Failed to open file "c:\windows\temp\sqlite_kegyez1nfhzzxvv". The operation completed successfully
    12:27 PM: Warning: Failed to open file "c:\windows\temp\sqlite_lge37vcwv1nmmhv". The operation completed successfully
    12:27 PM: C:\Power Scan\Power Scan.lnk (ID = 72676)
    12:27 PM: Found Adware: ist powerscan
    12:07 PM: Starting File Sweep
    12:07 PM: Warning: Failed to access drive A:
    12:07 PM: Cookie Sweep Complete, Elapsed Time: 00:00:12
    12:07 PM: c:\documents and settings\localservice\cookies\[email protected][2].txt (ID = 3756)
    12:07 PM: Found Spy Cookie: ysbweb cookie
    12:07 PM: c:\documents and settings\localservice\cookies\[email protected][1].txt (ID = 3740)
    12:07 PM: c:\documents and settings\localservice\cookies\[email protected][2].txt (ID = 3374)
    12:07 PM: Found Spy Cookie: sidefind cookie
    12:07 PM: c:\documents and settings\localservice\cookies\[email protected][2].txt (ID = 3561)
    12:07 PM: Found Spy Cookie: toprebates.com cookie
    12:07 PM: c:\documents and settings\localservice\cookies\[email protected][1].txt (ID = 3740)
    12:07 PM: Found Spy Cookie: xxxtoolbar cookie
    12:07 PM: c:\documents and settings\wyatt macmanus\cookies\[email protected][1].txt (ID = 3447)
    12:07 PM: c:\documents and settings\wyatt macmanus\cookies\[email protected][1].txt (ID = 2284)
    12:07 PM: c:\documents and settings\wyatt macmanus\cookies\[email protected][2].txt (ID = 3665)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3762)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2142)
    12:07 PM: Found Spy Cookie: adserver cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2337)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2335)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 3627)
    12:07 PM: Found Spy Cookie: valuead cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2472)
    12:07 PM: Found Spy Cookie: coremetrics cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3589)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3581)
    12:07 PM: Found Spy Cookie: trafficmp cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 3575)
    12:07 PM: Found Spy Cookie: tradedoubler cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 6444)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3667)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2407)
    12:07 PM: Found Spy Cookie: clicktracks cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3447)
    12:07 PM: Found Spy Cookie: statcounter cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 3343)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 3235)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3217)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3106)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 3105)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3087)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 5014)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 6442)
    12:07 PM: Found Spy Cookie: mediaplex cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][3].txt (ID = 2089)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2089)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3669)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2926)
    12:07 PM: Found Spy Cookie: linksynergy cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2909)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2728)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2651)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3269)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3106)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3106)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2374)
    12:07 PM: Found Spy Cookie: centrport net cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2354)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3763)
    12:07 PM: Found Spy Cookie: zedo cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2336)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2314)
    12:07 PM: Found Spy Cookie: bluestreak cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2292)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2255)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2253)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2245)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2355)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2650)
    12:07 PM: Found Spy Cookie: falkag cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2175)
    12:07 PM: Found Spy Cookie: advertising cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 3148)
    12:07 PM: Found Spy Cookie: pointroll cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2062)
    12:07 PM: Found Spy Cookie: addynamix cookie
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2088)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3400)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2768)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2072)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 3751)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 1957)
    12:07 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 1953)
    12:07 PM: Found Spy Cookie: 247realmedia cookie
    12:07 PM: c:\documents and settings\the real boss\cookies\[email protected][2].txt (ID = 3667)
    12:07 PM: Found Spy Cookie: webtrendslive cookie
    12:07 PM: c:\documents and settings\the real boss\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\the real boss\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\the real boss\cookies\[email protected][2].txt (ID = 3669)
    12:07 PM: c:\documents and settings\the real boss\cookies\[email protected][2].txt (ID = 2253)
    12:07 PM: Found Spy Cookie: atlas dmt cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3749)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected]_cj[2].txt (ID = 3723)
    12:07 PM: Found Spy Cookie: xren_cj cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3717)
    12:07 PM: Found Spy Cookie: xiti cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2389)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2388)
    12:07 PM: Found Spy Cookie: claxonmedia cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3694)
    12:07 PM: Found Spy Cookie: wirefly cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3298)
    12:07 PM: Found Spy Cookie: screensavers.com cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3256)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3250)
    12:07 PM: Found Spy Cookie: redzip cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2702)
    12:07 PM: Found Spy Cookie: freepassbucks cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2337)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2335)
    12:07 PM: Found Spy Cookie: burstbeacon cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3660)
    12:07 PM: Found Spy Cookie: webpower cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2038)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2413)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3638)
    12:07 PM: Found Spy Cookie: videodome cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3612)
    12:07 PM: Found Spy Cookie: uproar cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3442)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 6444)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3254)
    12:07 PM: Found Spy Cookie: reliablestats cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2506)
    12:07 PM: Found Spy Cookie: dealtime cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3343)
    12:07 PM: Found Spy Cookie: serving-sys cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3649)
    12:07 PM: Found Spy Cookie: web-stat cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2309)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2071)
    12:07 PM: Found Spy Cookie: adjuggler cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3255)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2528)
    12:07 PM: Found Spy Cookie: directtrack cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3217)
    12:07 PM: Found Spy Cookie: questionmarket cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3682)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2038)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2844)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3111)
    12:07 PM: Found Spy Cookie: partypoker cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2038)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3103)
    12:07 PM: Found Spy Cookie: outster cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3087)
    12:07 PM: Found Spy Cookie: offeroptimizer cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 5014)
    12:07 PM: Found Spy Cookie: nextag cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3236)
    12:07 PM: Found Spy Cookie: realmedia cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2235)
    12:07 PM: Found Spy Cookie: aptimus cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3041)
    12:07 PM: Found Spy Cookie: mygeek cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2996)
    12:07 PM: Found Spy Cookie: military cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2089)
    12:07 PM: Found Spy Cookie: adrevolver cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3669)
    12:07 PM: Found Spy Cookie: webtrends cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2038)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2909)
    12:07 PM: Found Spy Cookie: kmpads cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2903)
    12:07 PM: Found Spy Cookie: kinghost cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3288)
    12:07 PM: Found Spy Cookie: sb01 cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2867)
    12:07 PM: Found Spy Cookie: inqwire cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2865)
    12:07 PM: Found Spy Cookie: infospace cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2843)
    12:07 PM: Found Spy Cookie: imlive.com cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2821)
    12:07 PM: Found Spy Cookie: ic-live cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2817)
    12:07 PM: Found Spy Cookie: hypertracker.com cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2793)
    12:07 PM: Found Spy Cookie: homestore cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2038)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2397)
    12:07 PM: Found Spy Cookie: clickandtrack cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3442)
    12:07 PM: Found Spy Cookie: starware.com cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2728)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2728)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2734)
    12:07 PM: Found Spy Cookie: goldenpalace cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3682)
    12:07 PM: Found Spy Cookie: wegcash cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2651)
    12:07 PM: Found Spy Cookie: fastclick cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2038)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2633)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2038)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3269)
    12:07 PM: Found Spy Cookie: ru4 cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2293)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2523)
    12:07 PM: Found Spy Cookie: did-it cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3106)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3106)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3106)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3106)
    12:07 PM: Found Spy Cookie: overture cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2413)
    12:07 PM: Found Spy Cookie: clickzs cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3120)
    12:07 PM: Found Spy Cookie: paypopup cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2634)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2634)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2634)
    12:07 PM: Found Spy Cookie: exitexchange cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2465)
    12:07 PM: Found Spy Cookie: coolsavings cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2384)
    12:07 PM: Found Spy Cookie: classmates cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2038)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2369)
    12:07 PM: Found Spy Cookie: ccbill cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2362)
    12:07 PM: Found Spy Cookie: cassava cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2354)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2038)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2614)
    12:07 PM: Found Spy Cookie: enhance cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2336)
    12:07 PM: Found Spy Cookie: burstnet cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2308)
    12:07 PM: Found Spy Cookie: bizrate cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2038)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2292)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2038)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2284)
    12:07 PM: Found Spy Cookie: bannerspace cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2270)
    12:07 PM: Found Spy Cookie: azjmp cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2255)
    12:07 PM: Found Spy Cookie: atwola cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2293)
    12:07 PM: Found Spy Cookie: belnk cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2245)
    12:07 PM: Found Spy Cookie: ask cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2247)
    12:07 PM: Found Spy Cookie: askmen cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2355)
    12:07 PM: Found Spy Cookie: casalemedia cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 6445)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 6445)
    12:07 PM: Found Spy Cookie: tacoda cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3256)
    12:07 PM: Found Spy Cookie: reunion cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3190)
    12:07 PM: Found Spy Cookie: primaryads cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2167)
    12:07 PM: Found Spy Cookie: adultrevenueservice cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2165)
    12:07 PM: Found Spy Cookie: adultfriendfinder cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2367)
    12:07 PM: Found Spy Cookie: cc214142 cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3400)
    12:07 PM: Found Spy Cookie: specificclick.com cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 4207)
    12:07 PM: Found Spy Cookie: hotbar cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2768)
    12:07 PM: Found Spy Cookie: hbmediapro cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2074)
    12:07 PM: Found Spy Cookie: adlegend cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2072)
    12:07 PM: Found Spy Cookie: adknowledge cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2063)
    12:07 PM: Found Spy Cookie: adecn cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1958)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3751)
    12:07 PM: Found Spy Cookie: yieldmanager cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2037)
    12:07 PM: Found Spy Cookie: about cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    12:07 PM: Found Spy Cookie: go.com cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3665)
    12:07 PM: Found Spy Cookie: websponsors cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3590)
    12:07 PM: Found Spy Cookie: tribalfusion cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2019)
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2019)
    12:07 PM: Found Spy Cookie: 888 cookie
    12:07 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1957)
    12:07 PM: Found Spy Cookie: 2o7.net cookie
    12:07 PM: Starting Cookie Sweep
    12:06 PM: Registry Sweep Complete, Elapsed Time:00:00:39
    12:06 PM: HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (ID = 146709)
    12:06 PM: HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (ID = 146695)
    12:06 PM: Found Adware: wildmedia
    12:06 PM: Starting Registry Sweep
    12:06 PM: Memory Sweep Complete, Elapsed Time: 00:02:26
    12:03 PM: Starting Memory Sweep
    12:03 PM: Sweep initiated using definitions version 691
    12:03 PM: Spy Sweeper 5.0.5.1286 started
    12:03 PM: | Start of Session, Sunday, July 30, 2006 |
    ********
    12:03 PM: | End of Session, Sunday, July 30, 2006 |
    11:57 AM: BHO Shield: found: -- BHO installation allowed at user request
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    11:56 AM: Shield States
    11:56 AM: Spyware Definitions: 691
    11:55 AM: Spy Sweeper 5.0.5.1286 started
    11:55 AM: Spy Sweeper 5.0.5.1286 started
    11:55 AM: | Start of Session, Sunday, July 30, 2006 |
    ********
     
  6. wmacmanus

    wmacmanus Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    24
    HJT log 060730 - complete:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:45:42 PM, on 7/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5450.0004)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Windows\Explorer.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Windows\system32\devldr32.exe
    C:\Windows\system32\nvsvc32.exe
    C:\Windows\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\HijackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
    O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
    O3 - Toolbar: FingerSystem IE Memo - {8D13872E-6174-49C1-B8D2-793F90CCAFAC} - C:\Program Files\Finger System Inc\Fingersystem Ipen Driver\FGIeMemo.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Microsoft WinSound] mkyxcghm.exe
    O4 - HKLM\..\Run: [GGZcJAf] C:\documents and settings\heidi macmanus\local settings\temp\GGZcJAf.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\RunServices: [Microsoft WinUpdate] qjabssbvox.exe
    O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
    O4 - HKLM\..\RunServices: [Microsoft WinSound] mkyxcghm.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft WinSound] mkyxcghm.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.library.esc.edu/support/plugins/ebraryRdr.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17362e5515f8649b7819/netzip/RdxIE601.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab
    O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\Windows\SYSTEM32\WRLogonNTF.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)

    **********************************************************************************************************************************

    Thanks Again!
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)

    O4 - HKLM\..\Run: [Microsoft WinSound] mkyxcghm.exe

    O4 - HKLM\..\Run: [GGZcJAf] C:\documents and settings\heidi macmanus\local settings\temp\GGZcJAf.exe

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\RunServices: [Microsoft WinUpdate] qjabssbvox.exe

    O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe

    O4 - HKLM\..\RunServices: [Microsoft WinSound] mkyxcghm.exe

    O4 - HKCU\..\Run: [Microsoft WinSound] mkyxcghm.exe


    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17362e55...p/RdxIE601.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -

    Download http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.


    C:\documents and settings\heidi macmanus\local settings\temp\GGZcJAf.exe
    C:\Windows\System32\qjabssbvox.exe
    C:\Windows\System32\msmsgs.exe
    C:\Windows\System32\mkyxcghm.exe


    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
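
The kind of triage applied to the HijackThis log above can be sketched as a small parser. This is an added example, not part of any post in the thread: the three O4 heuristics and the O2 check are assumptions chosen for illustration (they are not how the helper selected entries), and the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft WinSound] mkyxcghm.exe
O4 - HKLM\..\Run: [GGZcJAf] C:\documents and settings\heidi macmanus\local settings\temp\GGZcJAf.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] qjabssbvox.exe
O4 - HKLM\..\RunServices: [Microsoft WinSound] mkyxcghm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft WinSound] mkyxcghm.exe
"""

# Reason labels (hypothetical names used only by this example).
NO_FILE = "BHO registered with no file behind it"
FROM_TEMP = "autorun target lives in a temp directory"
BARE_NAME = "autorun target has no directory, resolved via the search path"
MULTI_KEY = "same executable registered under several autorun keys"

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of a command line: quoted path, unquoted path that may
# contain spaces (ends at a known extension), or the first word as fallback.
EXE_RE = re.compile(
    r'"(?P<q>[^"]+)"|(?P<p>.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)|(?P<w>\S+)',
    re.I)


def executable_of(cmd):
    """Return the program part of an autorun command line."""
    m = EXE_RE.match(cmd.strip())
    return m.group("q") or m.group("p") or m.group("w")


def review_log(log_text):
    """Return [{'line': ..., 'reasons': [...]}] for entries worth a closer look."""
    findings, autoruns = [], []
    keys_by_exe = defaultdict(set)

    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m.group("target") == "(no file)":
                findings.append({"line": line, "reasons": [NO_FILE]})
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            autoruns.append((line, exe))
            keys_by_exe[ntpath.basename(exe).lower()].add(m.group("key"))

    # Second pass: the multi-key check needs every O4 line seen first.
    for line, exe in autoruns:
        reasons = []
        if "\\temp\\" in exe.lower():
            reasons.append(FROM_TEMP)
        if "\\" not in exe:
            reasons.append(BARE_NAME)
        if len(keys_by_exe[ntpath.basename(exe).lower()]) > 1:
            reasons.append(MULTI_KEY)
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_log(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("    -", reason)
```

The output is a list of review candidates, not verdicts: the bare-name rule also reports the `nwiz` entry, which was not on the helper's fix list.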
     
  8. wmacmanus

    wmacmanus Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    24
    For all the files you listed for Killbox, each of them I received the message that the file does not exist.

    When deleting the temp files, as you said, not all deleted; the three that did not were: 1. "sqlite_relHIOpC3xRkQNY", 2. "sqlite_UlvXXo67WtWKSsB", and 3. "sqlite_zGN3g24dHIbfLvq".

    A fourth gave the message that it could not be deleted but when I tried it individually it did, this one was called "sqlite_0HUMfhBEYcF3wxb".

    As far as status, I think you mean is it still slow. Yes, it is still very slow, with no noticeable improvement. I hope that I did everything listed in your directions correctly, I think I did.

    HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:53:15 PM, on 7/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5450.0004)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    C:\Windows\Explorer.EXE
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Windows\system32\nvsvc32.exe
    C:\Windows\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Windows\system32\devldr32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\HijackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
    O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
    O3 - Toolbar: FingerSystem IE Memo - {8D13872E-6174-49C1-B8D2-793F90CCAFAC} - C:\Program Files\Finger System Inc\Fingersystem Ipen Driver\FGIeMemo.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.library.esc.edu/support/plugins/ebraryRdr.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab
    O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\Windows\SYSTEM32\WRLogonNTF.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
     
  9. wmacmanus

    wmacmanus Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    24
    Hi MFDnSC,
    Actually I do notice that there is some improvement in terms of speed on the internet. It isn't close to what it was when I first got my cable connection but there definitely is improvement.

    Regards,
    wmac
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    http://www.pandasoftware.com/products/activescan.htm

    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

    Post a new HiJackThis log along with the results from ActiveScan.
     
  11. wmacmanus

    wmacmanus Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    24
    Activescan:


    Incident Status Location

    Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
    Adware:adware/dyfuca Not disinfected Windows Registry
    Adware:adware/ist.istbar Not disinfected Windows Registry
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[server.iad.liveperson.net/hc/75988523]
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[.did-it.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[statse.webtrendslive.com/S113857]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[statse.webtrendslive.com/S115270]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\All Users\Documents\My Documents\eFax Messenger 4.0\Mozilla\Firefox\Profiles\juptl8zc.default\cookies.txt[statse.webtrendslive.com/dcsi8dupuerp17vzhd59b2lwc_8u5u]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\xppflfoo.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\xppflfoo.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\xppflfoo.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
    Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
    Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
    Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
    Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][2].txt
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][1].txt
    Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][2].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][2].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][1].txt
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][2].txt
    Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Kids.VPRMATRIX\Cookies\[email protected][2].txt
     
  12. wmacmanus

    wmacmanus Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    24
    HJT log after Activescan:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:11:14 AM, on 7/31/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5450.0004)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    C:\Windows\Explorer.EXE
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Windows\system32\nvsvc32.exe
    C:\Windows\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Windows\system32\devldr32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SiteAdvisor\SiteAdv.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\HijackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
    O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
    O3 - Toolbar: FingerSystem IE Memo - {8D13872E-6174-49C1-B8D2-793F90CCAFAC} - C:\Program Files\Finger System Inc\Fingersystem Ipen Driver\FGIeMemo.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.library.esc.edu/support/plugins/ebraryRdr.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\Windows\SYSTEM32\WRLogonNTF.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries
    =================
    Run spysweeper again
     
  14. wmacmanus

    wmacmanus Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    24
    I completed the EasyCleaner, but did the registry too before I realized it wasn't listed in your instructions. Hope it isn't a setback to seeing something in the SpySweeper or HJT log, or something worse.

    SpySweeper log 060731 part 1:

    12:21 AM: Removal process completed. Elapsed time 00:00:35
    12:21 AM: Quarantining All Traces: tribalfusion cookie
    12:21 AM: Quarantining All Traces: tradedoubler cookie
    12:21 AM: Quarantining All Traces: realmedia cookie
    12:21 AM: Quarantining All Traces: fastclick cookie
    12:21 AM: Quarantining All Traces: casalemedia cookie
    12:21 AM: Quarantining All Traces: atlas dmt cookie
    12:21 AM: Quarantining All Traces: advertising cookie
    12:21 AM: Quarantining All Traces: ieplugin
    12:20 AM: Removal process initiated
    12:20 AM: Traces Found: 8
    12:20 AM: Full Sweep has completed. Elapsed time 00:35:08
    12:20 AM: File Sweep Complete, Elapsed Time: 00:29:31
    12:18 AM: Warning: Failed to access drive E:
    12:18 AM: Warning: Failed to access drive D:
    12:16 AM: Warning: Failed to open file "c:\windows\temp\sqlite_f0sjhrn54qq802o". The operation completed successfully
    12:15 AM: Warning: Failed to open file "c:\windows\temp\sqlite_ypvxgqe53q3f1fx". The operation completed successfully
    12:15 AM: Warning: Failed to open file "c:\windows\temp\sqlite_0xqz5yqrd2ba6cu". The operation completed successfully
    11:50 PM: Starting File Sweep
    11:50 PM: Warning: Failed to access drive A:
    11:50 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
    11:50 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 3589)
    11:50 PM: Found Spy Cookie: tribalfusion cookie
    11:50 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3575)
    11:50 PM: Found Spy Cookie: tradedoubler cookie
    11:50 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 3235)
    11:50 PM: Found Spy Cookie: realmedia cookie
    11:50 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2651)
    11:50 PM: Found Spy Cookie: fastclick cookie
    11:50 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2354)
    11:50 PM: Found Spy Cookie: casalemedia cookie
    11:50 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][2].txt (ID = 2253)
    11:50 PM: Found Spy Cookie: atlas dmt cookie
    11:50 PM: c:\documents and settings\kids.vprmatrix\cookies\[email protected][1].txt (ID = 2175)
    11:50 PM: Found Spy Cookie: advertising cookie
    11:50 PM: Starting Cookie Sweep
    11:50 PM: Registry Sweep Complete, Elapsed Time:00:01:00
    11:50 PM: HKU\S-1-5-21-515967899-2147208695-725345543-1004\software\microsoft\search assistant\ || defaultsearchurl (ID = 841067)
    11:50 PM: Found Adware: ieplugin
    11:49 PM: Starting Registry Sweep
    11:49 PM: Memory Sweep Complete, Elapsed Time: 00:04:15
    11:45 PM: Starting Memory Sweep
    11:45 PM: Sweep initiated using definitions version 730
    11:45 PM: Spy Sweeper 5.0.5.1286 started
    11:45 PM: | Start of Session, Monday, July 31, 2006 |
    ********
    11:45 PM: | End of Session, Monday, July 31, 2006 |
    11:43 PM: Your spyware definitions have been updated.
    Operation: File Access
    Target:
    Source: C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSHIELD.EXE
    11:43 PM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    11:42 PM: Shield States
    11:42 PM: Spyware Definitions: 691
    11:42 PM: Spy Sweeper 5.0.5.1286 started
    10:01 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
    10:00 PM: Automated check for program update in progress.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    9:59 PM: Warning: The handle is invalid
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    9:59 PM: Shield States
    9:59 PM: Spyware Definitions: 691
    9:59 PM: Spy Sweeper 5.0.5.1286 started
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    8:54 PM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    6:51 PM: Shield States
    6:51 PM: Spyware Definitions: 691
    6:51 PM: Spy Sweeper 5.0.5.1286 started
    Operation: Terminate
    Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
    Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
    6:49 PM: Tamper Detection
    Operation: Terminate
    Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
    Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
    6:49 PM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    6:16 PM: Shield States
    6:16 PM: Spyware Definitions: 691
    6:16 PM: Spy Sweeper 5.0.5.1286 started
    12:03 PM: | End of Session, Sunday, July 30, 2006 |
    11:57 AM: BHO Shield: found: -- BHO installation allowed at user request
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    11:56 AM: Shield States
    11:56 AM: Spyware Definitions: 691
    11:55 AM: Spy Sweeper 5.0.5.1286 started
    11:55 AM: Spy Sweeper 5.0.5.1286 started
    11:55 AM: | Start of Session, Sunday, July 30, 2006 |
    ********
     
  15. wmacmanus

    wmacmanus Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    24
    SpySweeper log 060731 part 2:

    Operation: Terminate
    Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
    Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
    5:55 PM: Tamper Detection
    12:42 PM: Removal process completed. Elapsed time 00:00:39
    12:42 PM: Quarantining All Traces: ysbweb cookie
    12:42 PM: Quarantining All Traces: sidefind cookie
    12:42 PM: Quarantining All Traces: toprebates.com cookie
    12:42 PM: Quarantining All Traces: xxxtoolbar cookie
    12:42 PM: Quarantining All Traces: adserver cookie
    12:42 PM: Quarantining All Traces: valuead cookie
    12:42 PM: Quarantining All Traces: coremetrics cookie
    12:42 PM: Quarantining All Traces: trafficmp cookie
    12:42 PM: Quarantining All Traces: tradedoubler cookie
    12:42 PM: Quarantining All Traces: clicktracks cookie
    12:42 PM: Quarantining All Traces: statcounter cookie
    12:42 PM: Quarantining All Traces: mediaplex cookie
    12:42 PM: Quarantining All Traces: linksynergy cookie
    12:42 PM: Quarantining All Traces: centrport net cookie
    12:42 PM: Quarantining All Traces: zedo cookie
    12:42 PM: Quarantining All Traces: bluestreak cookie
    12:42 PM: Quarantining All Traces: falkag cookie
    12:42 PM: Quarantining All Traces: advertising cookie
    12:42 PM: Quarantining All Traces: pointroll cookie
    12:42 PM: Quarantining All Traces: addynamix cookie
    12:42 PM: Quarantining All Traces: 247realmedia cookie
    12:42 PM: Quarantining All Traces: webtrendslive cookie
    12:42 PM: Quarantining All Traces: atlas dmt cookie
    12:42 PM: Quarantining All Traces: xren_cj cookie
    12:42 PM: Quarantining All Traces: xiti cookie
    12:42 PM: Quarantining All Traces: claxonmedia cookie
    12:42 PM: Quarantining All Traces: wirefly cookie
    12:42 PM: Quarantining All Traces: screensavers.com cookie
    12:42 PM: Quarantining All Traces: redzip cookie
    12:42 PM: Quarantining All Traces: freepassbucks cookie
    12:42 PM: Quarantining All Traces: burstbeacon cookie
    12:42 PM: Quarantining All Traces: webpower cookie
    12:42 PM: Quarantining All Traces: videodome cookie
    12:42 PM: Quarantining All Traces: uproar cookie
    12:42 PM: Quarantining All Traces: reliablestats cookie
    12:42 PM: Quarantining All Traces: dealtime cookie
    12:42 PM: Quarantining All Traces: serving-sys cookie
    12:42 PM: Quarantining All Traces: web-stat cookie
    12:42 PM: Quarantining All Traces: adjuggler cookie
    12:42 PM: Quarantining All Traces: directtrack cookie
    12:42 PM: Quarantining All Traces: questionmarket cookie
    12:42 PM: Quarantining All Traces: partypoker cookie
    12:42 PM: Quarantining All Traces: outster cookie
    12:42 PM: Quarantining All Traces: offeroptimizer cookie
    12:42 PM: Quarantining All Traces: nextag cookie
    12:42 PM: Quarantining All Traces: realmedia cookie
    12:42 PM: Quarantining All Traces: aptimus cookie
    12:42 PM: Quarantining All Traces: mygeek cookie
    12:42 PM: Quarantining All Traces: military cookie
    12:42 PM: Quarantining All Traces: adrevolver cookie
    12:42 PM: Quarantining All Traces: webtrends cookie
    12:42 PM: Quarantining All Traces: kmpads cookie
    12:42 PM: Quarantining All Traces: kinghost cookie
    12:42 PM: Quarantining All Traces: sb01 cookie
    12:42 PM: Quarantining All Traces: inqwire cookie
    12:42 PM: Quarantining All Traces: infospace cookie
    12:42 PM: Quarantining All Traces: imlive.com cookie
    12:42 PM: Quarantining All Traces: ic-live cookie
    12:42 PM: Quarantining All Traces: hypertracker.com cookie
    12:42 PM: Quarantining All Traces: homestore cookie
    12:42 PM: Quarantining All Traces: clickandtrack cookie
    12:42 PM: Quarantining All Traces: starware.com cookie
    12:42 PM: Quarantining All Traces: goldenpalace cookie
    12:42 PM: Quarantining All Traces: wegcash cookie
    12:42 PM: Quarantining All Traces: fastclick cookie
    12:42 PM: Quarantining All Traces: ru4 cookie
    12:42 PM: Quarantining All Traces: did-it cookie
    12:42 PM: Quarantining All Traces: overture cookie
    12:42 PM: Quarantining All Traces: clickzs cookie
    12:42 PM: Quarantining All Traces: paypopup cookie
    12:42 PM: Quarantining All Traces: exitexchange cookie
    12:42 PM: Quarantining All Traces: coolsavings cookie
    12:42 PM: Quarantining All Traces: classmates cookie
    12:42 PM: Quarantining All Traces: ccbill cookie
    12:42 PM: Quarantining All Traces: cassava cookie
    12:42 PM: Quarantining All Traces: enhance cookie
    12:42 PM: Quarantining All Traces: burstnet cookie
    12:42 PM: Quarantining All Traces: bizrate cookie
    12:42 PM: Quarantining All Traces: bannerspace cookie
    12:42 PM: Quarantining All Traces: azjmp cookie
    12:42 PM: Quarantining All Traces: atwola cookie
    12:42 PM: Quarantining All Traces: belnk cookie
    12:42 PM: Quarantining All Traces: ask cookie
    12:42 PM: Quarantining All Traces: askmen cookie
    12:42 PM: Quarantining All Traces: casalemedia cookie
    12:42 PM: Quarantining All Traces: tacoda cookie
    12:42 PM: Quarantining All Traces: reunion cookie
    12:42 PM: Quarantining All Traces: primaryads cookie
    12:42 PM: Quarantining All Traces: adultrevenueservice cookie
    12:42 PM: Quarantining All Traces: adultfriendfinder cookie
    12:42 PM: Quarantining All Traces: cc214142 cookie
    12:42 PM: Quarantining All Traces: specificclick.com cookie
    12:42 PM: Quarantining All Traces: hotbar cookie
    12:42 PM: Quarantining All Traces: hbmediapro cookie
    12:42 PM: Quarantining All Traces: adlegend cookie
    12:42 PM: Quarantining All Traces: adknowledge cookie
    12:42 PM: Quarantining All Traces: adecn cookie
    12:42 PM: Quarantining All Traces: yieldmanager cookie
    12:42 PM: Quarantining All Traces: about cookie
    12:42 PM: Quarantining All Traces: go.com cookie
    12:42 PM: Quarantining All Traces: websponsors cookie
    12:42 PM: Quarantining All Traces: tribalfusion cookie
    12:42 PM: Quarantining All Traces: 888 cookie
    12:42 PM: Quarantining All Traces: 2o7.net cookie
    12:42 PM: Quarantining All Traces: ist powerscan
    12:42 PM: Quarantining All Traces: wildmedia
    12:41 PM: Removal process initiated
    12:35 PM: Traces Found: 205
     

Short URL to this thread: https://techguy.org/487680
