
Solved: Spyware Problems

Discussion in 'Windows XP' started by bella6100, Jul 27, 2006.

  1. bella6100

    bella6100 Thread Starter

    Joined:
    Feb 6, 2005
    Messages:
    117
    Hello, how is everyone doing? Haven't been on in a while....

    Well, here is the situation: I dealt with several virus- and spyware-related problems before, but I got those sorted out a while ago and have had no further probs... till now, that is.

    I downloaded a game from download.com and that went fine, but all of a sudden there was this searchassistant thing that got installed w/out my permission. Also, something called WebNexus got installed. I know those are major annoyances, so I automatically tried to delete them through Add/Remove, but it wouldn't let me. I restarted the comp and finally got both deleted somehow. Then I ran Ad-Aware and got about 270 critical objects, deleted all those and restarted again. This time after running Ad-Aware I got these items:
    ABetterInternet.Nail
    iSearch Toolbar
    win32.trojan.downloader
    win32.trojan.dnschanger
    DyFuCA
    Cmdservices


    Now I have constant IE pop-ups even with the built-in pop-up blocker active, which was working perfectly, so obviously this has to be spyware related. I can close some of the pop-ups, but most of them I cannot get rid of, and then IE just freezes. I have no idea what to do. As I write this, I have 6 pop-ups and counting (which I can't close). Here is my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:56:18 AM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\AntiSpy\gcasServ.exe
    D:\PDVDServ.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\outlook\outlook.exe
    C:\dfndref_7.exe
    C:\kybrdef_7.exe
    C:\WINDOWS\win3209273854534.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\windows\system32\dwdsregt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\nwnmef_7.exe
    C:\Program Files\Common Files\{1052B046-0701-1033-1018-010703010001}\Update.exe
    C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
    D:\AntiSpy\gcasDtServ.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Priya\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\bwjds.exe
    F2 - REG:system.ini: UserInit=userinit.exe,lrqhdfo.exe
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Priya\Application Data\Mozilla\Profiles\default\koo1a0xk.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Priya\Application Data\Mozilla\Profiles\default\koo1a0xk.slt\prefs.js)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [WinFSG] "C:\Program Files\Allume\Internet Cleanup\MSFG.exe"
    O4 - HKLM\..\Run: [gcasServ] "D:\AntiSpy\gcasServ.exe"
    O4 - HKLM\..\Run: [RemoteControl] D:\PDVDServ.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gtbyx] C:\WINDOWS\System32\gtbyx.exe
    O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdef_7.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [win3209273854534] C:\WINDOWS\win3209273854534.exe
    O4 - HKLM\..\Run: [lty21be3] RUNDLL32.EXE w0276767.dll,n 00221be1000000030276767
    O4 - HKLM\..\Run: [{2B-B0-04-46-ZN}] C:\windows\system32\dwdsregt.exe CORN003
    O4 - HKLM\..\Run: [w0279da9.dll] RUNDLL32.EXE w0279da9.dll,I2 00221be100279da9
    O4 - HKLM\..\Run: [newname] C:\\nwnmef_7.exe
    O4 - HKLM\..\Run: [eukcroxA] C:\WINDOWS\eukcroxA.exe
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [SinglesSetup.exe] C:\DOCUME~1\Priya\Desktop\SINGLE~1.EXE /r
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\ZICORN003.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM\aim.exe
    O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\Program Files\PDFtypewriter\PDFtypewriterie.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v44/bejeweled/bejeweled.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.sonypictures.com/games/luxor/mjolauncher.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.1_02) -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDownloadControl.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Plug-in 1.4.1_02) -
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/KeyCrypt/npkcx.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.sonypictures.com/games/zuma/popcaploader_v6.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UHJpeWE\command.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\eukcrox.exe (file missing)


    Please help! Thanks for reading guys!
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    1. Download this file :

    http://download.bleepingcomputer.com/sUBs/combofix.exe
    http://www.techsupportforum.com/sectools/combofix.exe

    2. Double-click combofix.exe and follow the prompts.
    3. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    =======================

    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits

        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  3. bella6100

    bella6100 Thread Starter

    Joined:
    Feb 6, 2005
    Messages:
    117
    MFDnNC, thanks for your quick response :) Sorry my info is in three separate posts; it kept telling me it was too long.


    ComboFix Report:


    Start Time= Thu 07/27/2006 18:03:06.09
    Running from: C:\Program Files\Common Files\mozilla.org\GRE\1.7.2_2004080415

    QuickScan did not find any signs of infected files

    ((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

    12:44:33.26

    Not all files found by this method are bad. There may be legitimate files found
    This log should be examined by a trained analyst

    * * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *

    * * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    2006-07-27 09:35:42 48,167 "C:\WINDOWS\system32\VSL05.exe"
    2006-06-01 02:54:48 140,984 "C:\WINDOWS\system32\idmmbc.dll"
    2006-05-19 07:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
    2006-07-27 09:36:16 159,744 "C:\WINDOWS\system32\redist.dll"
    2006-07-27 12:32:48 159,873 "C:\WINDOWS\system32\mwinnez.exe"
    2006-05-23 17:25:52 285,488 "C:\WINDOWS\system32\WgaTray.exe"
    2006-05-14 03:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
    2006-06-01 13:47:08 163,840 "C:\WINDOWS\system32\Jgdw400.dll"
    2006-06-01 13:47:08 27,648 "C:\WINDOWS\system32\Jgpl400.dll"
    2006-07-27 11:29:32 19,290 "C:\WINDOWS\mozver.dat"

    * * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *
    DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO

    * * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    2006-07-27 12:32:48 159,873 "C:\WINDOWS\system32\mwinnez.exe"
    2006-05-23 17:25:52 285,488 "C:\WINDOWS\system32\WgaTray.exe"
    2006-07-27 09:35:42 48,167 "C:\WINDOWS\system32\VSL05.exe"
    2006-05-14 03:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
    2006-06-01 13:47:08 163,840 "C:\WINDOWS\system32\Jgdw400.dll"
    2006-06-01 13:47:08 27,648 "C:\WINDOWS\system32\Jgpl400.dll"
    2006-06-01 02:54:48 140,984 "C:\WINDOWS\system32\idmmbc.dll"
    2006-05-19 07:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
    2006-07-27 09:36:16 159,744 "C:\WINDOWS\system32\redist.dll"
    2006-07-27 11:29:32 19,290 "C:\WINDOWS\mozver.dat"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\drsmartload1.exe
    C:\dfndref_7.exe
    C:\nwnmef_7.exe
    C:\kybrdef_7.exe
    C:\WINDOWS\newname.dat
    C:\WINDOWS\keyboard1.dat
    C:\WINDOWS\uninstall_nmon.vbs
    C:\Documents and Settings\LocalService\Application Data\NetMon

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2006-07-27 18:02:38 331750 ( A.... ) "C:\Program Files\combofix.exe"
    2006-07-27 13:19:12 1064 ( A.... ) "C:\WINDOWS\system32\lty21be3.sys"
    2006-07-27 13:19:12 1064 ( A.... ) "C:\WINDOWS\system32\lty21be3.sys"
    2006-07-27 13:02:06 ( .D... ) "C:\Program Files\Webroot"
    2006-07-27 13:02:06 ( .D... ) "C:\Documents and Settings\Priya\Application Data\Webroot"
    2006-07-27 13:01:40 10402992 ( A.... ) "C:\Program Files\ssfsetup4129_1879435232.exe"
    2006-07-27 12:32:48 159873 ( A.... ) "C:\WINDOWS\system32\mwinnez.exe"
    2006-07-27 11:55:24 212849 ( A.... ) "C:\Program Files\hijackthis.zip"
    2006-07-27 11:29:32 105168 ( A.... ) "C:\WINDOWS\NSUninst.exe"
    2006-07-27 11:29:30 ( .D... ) "C:\Program Files\AOD"
    2006-07-27 11:29:16 105168 ( A.... ) "C:\WINDOWS\GREUninstall.exe"
    2006-07-27 11:29:12 ( .D... ) "C:\Program Files\Common Files\mozilla.org"
    2006-07-27 09:36:16 159744 ( A.... ) "C:\WINDOWS\system32\redist.dll"
    2006-07-27 09:36:14 38412 ( A.... ) "C:\WINDOWS\ssqbn.exe"
    2006-07-27 09:36:12 126464 ( A.... ) "C:\WINDOWS\system32\redistributor.exe"
    2006-07-27 09:35:42 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
    2006-07-27 09:35:40 111104 ( A.... ) "C:\numbsoftnew.exe"
    2006-07-27 09:35:08 27648 ( A.... ) "C:\dist13.exe"
    2006-07-27 09:34:30 143360 ( A.... ) "C:\WINDOWS\win3209273854534.exe"
    2006-07-27 09:34:06 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
    2006-07-27 09:33:18 57344 ( A.... ) "C:\fym9bvo.exe"
    2006-07-27 09:32:22 ( .D... ) "C:\Program Files\Common Files\{1052B046-0701-1033-1018-010703010001}"
    2006-07-27 09:31:28 ( .DSH. ) "C:\Program Files\outlook"
    2006-07-24 15:01:04 ( .D... ) "C:\Documents and Settings\Priya\Application Data\pixelStorm"
    2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
    2006-07-19 14:05:34 ( .D... ) "C:\Program Files\Common Files\WexTech Shared"
    2006-07-19 14:05:34 ( .D... ) "C:\Program Files\Common Files\LHSPF"
    2006-07-19 14:03:04 ( .D... ) "C:\Program Files\Borland"
    2006-07-17 10:08:14 ( .D... ) "C:\Documents and Settings\Priya\Application Data\IDM"
    2006-07-17 10:08:08 ( .D... ) "C:\Program Files\Internet Download Manager"
    2006-07-12 11:24:52 3350 ( A.SH. ) "C:\WINDOWS\system32\KGyGaAvL.sys"
    2006-07-12 11:24:52 3350 ( A.SH. ) "C:\WINDOWS\system32\KGyGaAvL.sys"
    2006-07-12 11:24:52 56 ( ..SHR ) "C:\WINDOWS\system32\DD173D8185.sys"
    2006-07-12 11:24:52 56 ( ..SHR ) "C:\WINDOWS\system32\DD173D8185.sys"
    2006-07-09 22:11:28 ( .D... ) "C:\Program Files\Shockwave.com"
    2006-07-07 16:54:10 252928 ( A.... ) "C:\WINDOWS\WRUninstall.dll"
    2006-07-07 16:53:54 208896 ( A.... ) "C:\WINDOWS\system32\WRLogonNtf.dll"
    2006-07-07 16:53:52 8704 ( A.... ) "C:\WINDOWS\system32\ssiefr.EXE"
    2006-07-07 16:53:50 20992 ( A.... ) "C:\WINDOWS\system32\wrlzma.dll"
    2006-06-24 18:21:12 ( .D... ) "C:\Documents and Settings\Priya\Application Data\Corel"
    2006-06-24 18:17:04 ( .D... ) "C:\Program Files\Corel"
    2006-06-05 11:24:34 ( .D... ) "C:\Documents and Settings\Priya\Application Data\GameBlend"
    2006-06-05 11:02:02 ( .D... ) "C:\Documents and Settings\Priya\Application Data\EA"
    2006-06-02 01:27:48 ( .D... ) "C:\Documents and Settings\Priya\Application Data\PlayFirst"
    2006-06-02 01:27:14 ( .D... ) "C:\Documents and Settings\Priya\Application Data\Mind Control Software"
    2006-06-01 02:54:48 140984 ( A.... ) "C:\WINDOWS\system32\idmmbc.dll"
    2006-05-23 17:25:52 402736 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
    2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
    2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
    2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"

    (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))

    2006-07-27 13:02 8,704 C:\WINDOWS\system32\ssiefr.EXE
    2006-07-27 13:02 684,032 C:\WINDOWS\libeay32.dll
    2006-07-27 13:02 252,928 C:\WINDOWS\WRUninstall.dll
    2006-07-27 13:02 208,896 C:\WINDOWS\system32\WRLogonNtf.dll
    2006-07-27 13:02 20,992 C:\WINDOWS\system32\wrlzma.dll
    2006-07-27 13:02 155,648 C:\WINDOWS\ssleay32.dll
    2006-07-27 12:32 159,873 C:\WINDOWS\system32\mwinnez.exe
    2006-07-27 11:29 105,168 C:\WINDOWS\NSUninst.exe
    2006-07-27 11:29 105,168 C:\WINDOWS\GREUninstall.exe
    2006-07-27 09:36 38,412 C:\WINDOWS\ssqbn.exe
    2006-07-27 09:36 159,744 C:\WINDOWS\system32\redist.dll
    2006-07-27 09:36 126,464 C:\WINDOWS\system32\redistributor.exe
    2006-07-27 09:35 48,167 C:\WINDOWS\system32\VSL05.exe
    2006-07-27 09:35 27,648 C:\dist13.exe
    2006-07-27 09:35 111,104 C:\numbsoftnew.exe
    2006-07-27 09:35 1,064 C:\WINDOWS\system32\lty21be3.sys
    2006-07-27 09:34 232,749 C:\WINDOWS\pf78.exe
    2006-07-27 09:34 143,360 C:\WINDOWS\win3209273854534.exe
    2006-07-27 09:33 57,344 C:\fym9bvo.exe
    2006-07-19 14:05 111,616 C:\WINDOWS\system32\Ltih30tb.dll
    2006-07-19 14:03 417,792 C:\WINDOWS\system32\fxdb.dll
    2006-07-19 14:03 36,864 C:\WINDOWS\system32\iduninst.dll
    2006-07-19 14:03 122,880 C:\WINDOWS\system32\FXAB32.DLL
    2006-07-19 14:02 93,184 C:\WINDOWS\system32\LTIH21TB.DLL
    2006-07-19 14:02 7,680 C:\WINDOWS\system32\shlwp9en.dll
    2006-07-19 14:02 5,632 C:\WINDOWS\system32\mfcuia32.dll
    2006-07-19 14:02 46,592 C:\WINDOWS\system32\csh.dll
    2006-07-19 14:02 315,904 C:\WINDOWS\system32\glu.dll
    2006-07-19 14:02 170,496 C:\WINDOWS\system32\Awrtl30.dll
    2006-07-19 14:02 154,624 C:\WINDOWS\system32\glut.dll
    2006-07-19 14:02 133,904 C:\WINDOWS\system32\MFCANS32.DLL
    2006-07-19 14:02 131,072 C:\WINDOWS\system32\shellwp.dll
    2006-07-19 14:02 100,864 C:\WINDOWS\system32\awpe.dll
    2006-07-19 14:02 1,213,440 C:\WINDOWS\system32\opengl.dll
    2006-06-24 18:22 56 C:\WINDOWS\system32\DD173D8185.sys
    2006-06-24 18:18 3,350 C:\WINDOWS\system32\KGyGaAvL.sys

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "WinFSG"="\"C:\\Program Files\\Allume\\Internet Cleanup\\MSFG.exe\""
    "gcasServ"="\"D:\\AntiSpy\\gcasServ.exe\""
    "RemoteControl"="D:\\PDVDServ.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "gtbyx"="C:\\WINDOWS\\System32\\gtbyx.exe"
    "msnsyslog"="C:\\WINDOWS\\msnappm.exe"
    "IPInSightLAN 02"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l"
    "IPInSightMonitor 02"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\""
    "NvCplDaemon"="\"RUNDLL32.EXE\" NvQTwk,NvCplDaemon initialize"
    "outlook"="\"C:\\Program Files\\outlook\\outlook.exe\" /auto"
    "winlog"="winlog.exe"
    "TheMonitor"="C:\\WINDOWS\\SYSC00.exe"
    "win3209273854534"="C:\\WINDOWS\\win3209273854534.exe"
    "lty21be3"="\"RUNDLL32.EXE\" w0276767.dll,n 00221be1000000030276767"
    "{2B-B0-04-46-ZN}"="\"C:\\windows\\system32\\dsreg.exe\" CORN003"
    "w0279da9.dll"="\"RUNDLL32.EXE\" w0279da9.dll,I2 00221be100279da9"
    "eukcroxA"="C:\\WINDOWS\\eukcroxA.exe"
    "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "SinglesSetup.exe"="C:\\DOCUME~1\\Priya\\Desktop\\SINGLE~1.EXE /r"
    "IDMan"="\"C:\\Program Files\\Internet Download Manager\\IDMan.exe\" /onboot"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "winlog"="winlog.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "gtbyx"="C:\\WINDOWS\\System32\\gtbyx.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "{1052B046-0701-1033-1018-010703010001}"="\"C:\\Program Files\\Common Files\\{1052B046-0701-1033-1018-010703010001}\\Update.exe\" mc-110-12-0000140"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Spyware Doctor"="\"D:\\SpyDoc\\Spyware Doctor\\swdoctor.exe\" /Q"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]
    "backup"="C:\\WINDOWS\\pss\\Real-time Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"=" "
    "item"="Real-time Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
    "backup"="C:\\WINDOWS\\pss\\VAIO Action Setup (Server).lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Sony\\VAIOAC~1\\VAServ.exe "
    "item"="VAIO Action Setup (Server)"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Priya^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Priya^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    "backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
    "location"="Startup"
    "command"="D:\\Lime\\LimeWire\\LimeWire.exe -startup"
    "item"="LimeWire On Startup"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="aim"
    "hkey"="HKCU"
    "command"="D:\\AIM\\aim.exe -cnetwait.odl"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CFD"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bnahpm]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bnahpm"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D2Ee4]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qogjs"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ezSP_Px"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gtbyx]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="gtbyx"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\gtbyx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IPClient"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IPMon32"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="istsvc"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcagent"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcupdate"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MPFTRAY"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSKAgent"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MskDetct"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RUNDLL32"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Pop3trap"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TeaTimer"
    "hkey"="HKCU"
    "command"="D:\\SpyBot\\Spybot - Search & Destroy\\TeaTimer.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SAcc"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -u"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -u"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcvsshld"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcmnhdlr"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebTrapNT.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WebTrapNT"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="server"
    "hkey"="HKLM"
    "command"="c:\\program files\\support.com\\client\\lserver\\server.vbs"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Ӝð3rÅWC:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Ӝð3rÅWC:\Program Files]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Ӝð3rÅWC:\Program Files\ISTsvc]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Ӝð3rÅWC:\Program Files\ISTsvc\istsvc.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qogjs"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Tmntsrv"=dword:00000002
    "SQLAgent$SONY_MEDIAMGR"=dword:00000003
    "SPTISRV"=dword:00000003
    "PACSPTISVR"=dword:00000003
    "NVSvc"=dword:00000002
    "MSSQL$SONY_MEDIAMGR"=dword:00000003
    "MskService"=dword:00000002
    "MpfService"=dword:00000002
    "MCVSRte"=dword:00000002
    "mcupdmgr.exe"=dword:00000002
    "McShield"=dword:00000003
    "iPodService"=dword:00000003
    "Adobe LM Service"=dword:00000003

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Ulead AutoDetector v2"="C:\\Program Files\\Common Files\\Ulead Systems\\AutoDetector\\monitor.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    KEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

    Contents of the 'Scheduled Tasks' folder

    Completion time: Thu 07/27/2006 18:03:33.10
    ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

    ComboFix.2006-07-27.180306.txt
     
  4. bella6100

    9:31 PM: None
    9:31 PM: Traces Found: 0
    9:31 PM: Memory Sweep Complete, Elapsed Time: 00:00:30
    9:31 PM: Sweep Canceled
    9:30 PM: Starting Memory Sweep
    9:30 PM: Sweep initiated using definitions version 728
    9:30 PM: Spy Sweeper 5.0.5.1286 started
    9:30 PM: | Start of Session, Thursday, July 27, 2006 |
    ********
    9:30 PM: | End of Session, Thursday, July 27, 2006 |
    7:08 PM: Shield States
    7:08 PM: Spyware Definitions: 728
    7:08 PM: Spy Sweeper 5.0.5.1286 started
    6:05 PM: | End of Session, Thursday, July 27, 2006 |
    6:04 PM: Deletion from quarantine completed. Elapsed time 00:00:00
    6:04 PM: Processing: trojan-downloader-ac2
    6:04 PM: Processing: zenosearchassistant
    6:04 PM: Deletion from quarantine initiated
    6:01 PM: Shield States
    6:00 PM: Spyware Definitions: 728
    6:00 PM: Spy Sweeper 5.0.5.1286 started
    3:50 PM: | End of Session, Thursday, July 27, 2006 |
    3:50 PM: The Spy Communication shield has blocked access to: WWW.NUMB-SOFT.COM
    3:49 PM: The Spy Communication shield has blocked access to: WWW.YOURENHANCEMENT.COM
    3:49 PM: Shield States
    3:49 PM: Spyware Definitions: 728
    3:49 PM: Spy Sweeper 5.0.5.1286 started
    1:23 PM: | End of Session, Thursday, July 27, 2006 |
    1:21 PM: Your spyware definitions have been updated.
    1:20 PM: Shield States
    1:19 PM: Spyware Definitions: 691
    1:19 PM: Spy Sweeper 5.0.5.1286 started
    1:19 PM: Spy Sweeper 5.0.5.1286 started
    1:19 PM: | Start of Session, Thursday, July 27, 2006 |
    ********
    3:41 PM: Quarantining All Traces: zenosearchassistant
    3:39 PM: Removal process initiated
    2:01 PM: Traces Found: 1978
    2:01 PM: Full Sweep has completed. Elapsed time 00:35:15
    2:01 PM: File Sweep Complete, Elapsed Time: 00:34:04
    2:01 PM: C:\Documents and Settings\Priya\Start Menu\Programs\Startup\Z_Start.lnk (ID = 235995)
    1:54 PM: C:\Program Files\outlook\p.zip (ID = 255142)
    1:52 PM: The Spy Communication shield has blocked access to: FOCUSIN.ADS.TARGETNET.COM
    1:42 PM: Warning: Failed to access drive F:
    1:42 PM: Warning: Failed to access drive E:
    1:42 PM: D:\AntiSpy\Quarantine\E20A0D88-06B2-4A7B-BFD4-9FAD8C\9F44576A-7875-4D9E-98A0-5D4F4F (ID = 208330)
    1:42 PM: Found Adware: ist surf accuracy
    1:42 PM: C:\FOUND.030\FILE0004.CHK (ID = 159)
    1:42 PM: Found Adware: look2me
    1:40 PM: The Spy Communication shield has blocked access to: FOCUSIN.ADS.TARGETNET.COM
    1:38 PM: Found Adware: deskwizz
    1:36 PM: Warning: Failed to open file "c:\documents and settings\priya\application data\mozilla\profiles\default\koo1a0xk.slt\parent.lock". The process cannot access the file because it is being used by another process
    1:33 PM: Warning: Failed to open file "c:\documents and settings\priya\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    1:33 PM: Warning: Failed to open file "c:\documents and settings\priya\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    1:33 PM: Found Adware: effective-i toolbar
    1:33 PM: Found Adware: webhancer
    1:33 PM: Warning: Failed to open file "c:\documents and settings\priya\ntuser.dat.log". The process cannot access the file because it is being used by another process
    1:33 PM: Found Adware: command
    1:27 PM: Found Trojan Horse: trojan-downloader-basebar
    1:27 PM: Found Trojan Horse: trojan-dropper-joiner
    1:27 PM: Found Adware: clkoptimizer
    1:27 PM: Found Adware: cas
    1:27 PM: Found Adware: forethought
    1:27 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
    1:27 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
    1:27 PM: Starting File Sweep
    1:26 PM: Warning: Failed to access drive A:
    1:26 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
    1:26 PM: Found Spy Cookie: yieldmanager cookie
    1:26 PM: Found Spy Cookie: zenotecnico cookie
    1:26 PM: Found Spy Cookie: searchingbooth cookie
    1:26 PM: Found Spy Cookie: top-banners cookie
    1:26 PM: Found Spy Cookie: questionmarket cookie
    1:26 PM: Found Spy Cookie: adjuggler cookie
    1:26 PM: Found Spy Cookie: realtracker cookie
    1:26 PM: Found Spy Cookie: server.iad.liveperson cookie
    1:26 PM: Found Spy Cookie: trafficmp cookie
    1:26 PM: Found Spy Cookie: clickandtrack cookie
    1:26 PM: Found Spy Cookie: exitexchange cookie
    1:26 PM: Found Spy Cookie: burstbeacon cookie
    1:26 PM: Found Spy Cookie: clicktracks cookie
    1:26 PM: Found Spy Cookie: zedo cookie
    1:26 PM: Found Spy Cookie: primaryads cookie
    1:26 PM: Found Spy Cookie: specificclick.com cookie
    1:26 PM: Found Spy Cookie: trb.com cookie
    1:26 PM: Found Spy Cookie: valuead cookie
    1:26 PM: Found Spy Cookie: toplist cookie
    1:26 PM: Found Spy Cookie: clixgalore cookie
    1:26 PM: Found Spy Cookie: bpath cookie
    1:26 PM: Found Spy Cookie: ic-live cookie
    1:26 PM: Found Spy Cookie: adlegend cookie
    1:26 PM: Found Spy Cookie: webtrends cookie
    1:26 PM: Found Spy Cookie: stopzilla cookie
    1:26 PM: Found Spy Cookie: tribalfusion cookie
    1:26 PM: Found Spy Cookie: adknowledge cookie
    1:26 PM: Found Spy Cookie: partypoker cookie
    1:26 PM: Found Spy Cookie: pricegrabber cookie
    1:26 PM: Found Spy Cookie: falkag cookie
    1:26 PM: Found Spy Cookie: serving-sys cookie
    1:26 PM: Found Spy Cookie: ask cookie
    1:26 PM: Found Spy Cookie: about cookie
    1:26 PM: Found Spy Cookie: askmen cookie
    1:26 PM: Found Spy Cookie: adrevolver cookie
    1:26 PM: Found Spy Cookie: addynamix cookie
    1:26 PM: Found Spy Cookie: burstnet cookie
    1:26 PM: Found Spy Cookie: realmedia cookie
    1:26 PM: Found Spy Cookie: belnk cookie
    1:26 PM: Found Spy Cookie: go.com cookie
    1:26 PM: Found Spy Cookie: nextag cookie
    1:26 PM: Found Spy Cookie: adecn cookie
    1:26 PM: Found Spy Cookie: gamespy cookie
    1:26 PM: Found Spy Cookie: xiti cookie
    1:26 PM: Found Spy Cookie: dealtime cookie
    1:26 PM: Found Spy Cookie: redsheriff cookies
    1:26 PM: Found Spy Cookie: statcounter cookie
    1:26 PM: Found Spy Cookie: tacoda cookie
    1:26 PM: Found Spy Cookie: atwola cookie
    1:26 PM: Found Spy Cookie: reliablestats cookie
    1:26 PM: Found Spy Cookie: overture cookie
    1:26 PM: Found Spy Cookie: 2o7.net cookie
    1:26 PM: Starting Cookie Sweep
    1:26 PM: Registry Sweep Complete, Elapsed Time:00:00:44
    1:26 PM: Found Adware: targetsaver
    1:26 PM: Found Adware: internetoptimizer
    1:26 PM: Found Adware: ist software
    1:26 PM: Found Adware: 180search assistant/zango
    1:26 PM: Found Adware: visfx
    1:26 PM: Starting Registry Sweep
    1:26 PM: Memory Sweep Complete, Elapsed Time: 00:02:58
    1:24 PM: Detected running threat: C:\WINDOWS\system32\w0279da9.dll (ID = 276222)
    1:24 PM: Detected running threat: C:\WINDOWS\system32\lty21be3.dll (ID = 320289)
    1:24 PM: Detected running threat: C:\WINDOWS\system32\w0276767.dll (ID = 320288)
    1:24 PM: Found Trojan Horse: trojan-downloader-ac2
    1:24 PM: Detected running threat: C:\Program Files\Common Files\{1052B046-0701-1033-1018-010703010001}\Update.exe (ID = 320789)
    1:24 PM: Found Adware: maxifiles
    1:24 PM: Detected running threat: C:\Program Files\outlook\outlook.exe (ID = 255142)
    1:24 PM: Found Trojan Horse: trojan downloader matcash
    1:23 PM: Detected running threat: C:\WINDOWS\system32\dsreg.exe (ID = 293)
    1:23 PM: Found Adware: zenosearchassistant
    1:23 PM: Detected running threat: C:\WINDOWS\win3209273854534.exe (ID = 320461)
    1:23 PM: Found Adware: enbrowser
    1:23 PM: Starting Memory Sweep
    1:23 PM: Sweep initiated using definitions version 728
    1:23 PM: Spy Sweeper 5.0.5.1286 started
    1:23 PM: | Start of Session, Thursday, July 27, 2006 |
    ********
    5:34 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\dm1110[31].ssq". The file or directory is corrupted and unreadable
    5:33 PM: Quarantining All Traces: trojan downloader matcash
    5:33 PM: Quarantining All Traces: clkoptimizer
    5:33 PM: Quarantining All Traces: 180search assistant/zango
    5:33 PM: The Spy Communication shield has blocked access to: WWW.YOURENHANCEMENT.COM
    5:33 PM: Quarantining All Traces: visfx
    5:33 PM: Quarantining All Traces: trojan-downloader-ac2
    5:32 PM: Removal process initiated
    4:15 PM: Traces Found: 2333
    4:15 PM: Full Sweep has completed. Elapsed time 00:24:45
    4:15 PM: File Sweep Complete, Elapsed Time: 00:22:00
    4:14 PM: Warning: Unable to sweep compressed file: External exception C0000006
    4:13 PM: The Spy Communication shield has blocked access to: EDGE.ONLINEMEDIAOUTLET.COM
    4:11 PM: Warning: Unable to sweep compressed file: External exception C0000006
    The file or directory is corrupted and unreadable
    4:11 PM: Warning: Unable to sweep compressed file: System Error. Code: 1392.
    4:11 PM: Warning: Stream read error
    4:06 PM: Warning: Failed to access drive F:
    4:06 PM: Warning: Failed to access drive E:
    4:06 PM: Found Adware: ist surf accuracy
    4:06 PM: C:\FOUND.030\FILE0004.CHK (ID = 159)
    4:06 PM: Found Adware: look2me
    4:05 PM: The Spy Communication shield has blocked access to: WWW.YOURENHANCEMENT.COM
    4:03 PM: Warning: Failed to read file "c:\program files\outlook\p.zip". The file or directory is corrupted and unreadable
    4:02 PM: Found Adware: deskwizz
    4:02 PM: Warning: Failed to read file "c:\documents and settings\priya\complete\warcraft iii - spider 1 the spider arises map .zip". The file or directory is corrupted and unreadable
    4:00 PM: Warning: Failed to read file "c:\documents and settings\priya\local settings\temporary internet files\content.ie5\x3mqv2pf\counter[3].gif". The file or directory is corrupted and unreadable
    4:00 PM: Warning: Failed to read file "c:\documents and settings\priya\local settings\temporary internet files\content.ie5\dvmzr2pu\3478484394[1].htm". The file or directory is corrupted and unreadable
    3:59 PM: Warning: Failed to open file "c:\documents and settings\priya\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    3:59 PM: Warning: Failed to open file "c:\documents and settings\priya\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    3:59 PM: Found Adware: effective-i toolbar
    3:59 PM: Found Adware: webhancer
    3:59 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
    3:58 PM: Found Adware: command
    3:56 PM: Warning: Failed to read file "c:\windows\temp\sst15d". The file or directory is corrupted and unreadable
    3:55 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
    3:55 PM: Found Trojan Horse: trojan downloader matcash
    3:53 PM: Found Trojan Horse: trojan-downloader-basebar
    3:53 PM: Found Trojan Horse: trojan-dropper-joiner
    3:53 PM: Found Adware: clkoptimizer
    3:53 PM: Found Adware: cas
    3:53 PM: Found Adware: forethought
    3:53 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
    3:53 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
    3:53 PM: Starting File Sweep
    3:53 PM: Warning: Failed to access drive A:
    3:53 PM: Registry Sweep Complete, Elapsed Time:00:00:38
    3:53 PM: Found Adware: targetsaver
    3:53 PM: Found Adware: internetoptimizer
    3:53 PM: Found Adware: ist software
    3:53 PM: Found Adware: 180search assistant/zango
    3:53 PM: Found Adware: visfx
    3:52 PM: Starting Registry Sweep
    3:52 PM: Memory Sweep Complete, Elapsed Time: 00:01:50
    3:52 PM: Detected running threat: C:\Program Files\Common Files\{1052B046-0701-1033-1018-010703010001}\Update.exe (ID = 320789)
    3:52 PM: Found Adware: maxifiles
    3:52 PM: Detected running threat: C:\WINDOWS\system32\w0279da9.dll (ID = 276222)
    3:52 PM: Detected running threat: C:\WINDOWS\system32\w0276767.dll (ID = 320288)
    3:52 PM: Found Trojan Horse: trojan-downloader-ac2
    3:52 PM: Detected running threat: C:\WINDOWS\win3209273854534.exe (ID = 320461)
    3:52 PM: Found Adware: enbrowser
    3:51 PM: The Spy Communication shield has blocked access to: WWW.NUMB-SOFT.COM
    3:51 PM: The Spy Communication shield has blocked access to: WWW.NUMB-SOFT.COM
    3:51 PM: The Spy Communication shield has blocked access to: WWW.NUMB-SOFT.COM
    3:51 PM: The Spy Communication shield has blocked access to: WWW.NUMB-SOFT.COM
    3:50 PM: Starting Memory Sweep
    3:50 PM: Sweep initiated using definitions version 728
    3:50 PM: Spy Sweeper 5.0.5.1286 started
    3:50 PM: | Start of Session, Thursday, July 27, 2006 |
    ********
    6:13 PM: | End of Session, Thursday, July 27, 2006 |
    6:13 PM: Deletion from quarantine completed. Elapsed time 00:00:01
    6:13 PM: Processing: ist software
    6:13 PM: Processing: internetoptimizer
    6:13 PM: Processing: targetsaver
    6:13 PM: Processing: trojan-downloader-basebar
    6:13 PM: Processing: trojan-dropper-joiner
    6:13 PM: Processing: cas
    6:13 PM: Processing: forethought
    6:13 PM: Processing: maxifiles
    6:13 PM: Processing: enbrowser
    6:13 PM: Processing: trojan downloader matcash
    6:13 PM: Deletion from quarantine initiated
    6:12 PM: Removal process completed. Elapsed time 00:01:18
    6:12 PM: A reboot was required but declined.
    6:12 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SSTD9.tmp". Reason: The system cannot find the file specified
    6:12 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    6:12 PM: Quarantining All Traces: ist software
    6:12 PM: Quarantining All Traces: trojan-downloader-basebar
    6:12 PM: Quarantining All Traces: trojan-dropper-joiner
    6:12 PM: Quarantining All Traces: cas
    6:12 PM: Quarantining All Traces: forethought
    6:12 PM: Quarantining All Traces: targetsaver
    6:12 PM: Quarantining All Traces: internetoptimizer
    6:12 PM: Quarantining All Traces: maxifiles
    6:12 PM: C:\WINDOWS\win3209273854534.exe is in use. It will be removed on reboot.
    6:12 PM: enbrowser is in use. It will be removed on reboot.
    6:11 PM: Quarantining All Traces: enbrowser
    6:11 PM: Quarantining All Traces: trojan downloader matcash
    6:11 PM: Removal process initiated
    6:10 PM: Sweep Status: 65 Items Found
    6:10 PM: Traces Found: 115
    6:10 PM: File Sweep Complete, Elapsed Time: 00:02:50
    6:10 PM: Sweep Canceled
    6:09 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
    6:09 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
    6:09 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
    6:09 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
    6:09 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
    6:09 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
    6:09 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
    6:09 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
    6:09 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
    6:09 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
    6:09 PM: C:\WINDOWS\system32\redistributor.exe (ID = 293590)
    6:09 PM: C:\WINDOWS\system32\redist.dll (ID = 293589)
    6:09 PM: C:\WINDOWS\system32\VSL05.exe (ID = 299775)
    6:09 PM: C:\WINDOWS\system32\winlog.exe (ID = 255143)
    6:09 PM: Found Trojan Horse: trojan downloader matcash
    6:08 PM: C:\WINDOWS\lt.exe (ID = 319946)
    6:08 PM: C:\WINDOWS\ssqbn.exe (ID = 323511)
    6:08 PM: Found Trojan Horse: trojan-downloader-basebar
    6:08 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || win3209273854534 (ID = 0)
    6:08 PM: C:\WINDOWS\win3209273854534.exe (ID = 320461)
    6:08 PM: C:\WINDOWS\unin101.exe (ID = 245111)
    6:08 PM: C:\WINDOWS\uni_eh.exe (ID = 245110)
    6:08 PM: C:\WINDOWS\pf78.exe (ID = 244430)
    6:08 PM: C:\numbsoftnew.exe (ID = 301341)
    6:08 PM: Found Trojan Horse: trojan-dropper-joiner
    6:08 PM: C:\dist13.exe (ID = 295817)
    6:08 PM: Found Adware: cas
    6:08 PM: C:\fym9bvo.exe (ID = 328135)
    6:08 PM: Found Adware: forethought
    6:08 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
    6:08 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
    6:08 PM: Starting File Sweep
    6:08 PM: Warning: Failed to access drive A:
    6:18 PM: | End of Session, Thursday, July 27, 2006 |
    6:17 PM: Deletion from quarantine completed. Elapsed time 00:00:01
    6:17 PM: Processing: revenue.net cookie
    6:17 PM: Processing: casalemedia cookie
    6:17 PM: Processing: yieldmanager cookie
    6:17 PM: Processing: ru4 cookie
    6:17 PM: Processing: zenotecnico cookie
    6:17 PM: Processing: maxserving cookie
    6:17 PM: Processing: searchingbooth cookie
    6:17 PM: Processing: searchingbooth cookie
    6:17 PM: Processing: top-banners cookie
    6:17 PM: Processing: questionmarket cookie
    6:17 PM: Processing: adknowledge cookie
    6:17 PM: Processing: hbmediapro cookie
    6:17 PM: Processing: adjuggler cookie
    6:17 PM: Processing: realtracker cookie
    6:17 PM: Processing: server.iad.liveperson cookie
    6:17 PM: Processing: server.iad.liveperson cookie
    6:17 PM: Processing: adrevolver cookie
    6:17 PM: Processing: clickandtrack cookie
    6:17 PM: Processing: burstbeacon cookie
    6:17 PM: Processing: clicktracks cookie
    6:17 PM: Processing: realmedia cookie
    6:17 PM: Processing: realmedia cookie
    6:17 PM: Processing: falkag cookie
    6:17 PM: Processing: falkag cookie
    6:17 PM: Processing: primaryads cookie
    6:17 PM: Processing: specificclick.com cookie
    6:17 PM: Processing: trb.com cookie
    6:17 PM: Processing: toplist cookie
    6:17 PM: Processing: clixgalore cookie
    6:17 PM: Processing: valuead cookie
    6:17 PM: Processing: bpath cookie
    6:17 PM: Processing: bpath cookie
    6:17 PM: Processing: ic-live cookie
    6:17 PM: Processing: adlegend cookie
    6:17 PM: Processing: webtrends cookie
    6:17 PM: Processing: stopzilla cookie
    6:17 PM: Processing: tribalfusion cookie
    6:17 PM: Processing: partypoker cookie
    6:17 PM: Processing: pricegrabber cookie
    6:17 PM: Processing: pricegrabber cookie
    6:17 PM: Processing: exitexchange cookie
    6:17 PM: Deletion from quarantine initiated
    6:17 PM: Deletion from quarantine completed. Elapsed time 00:00:00
    6:17 PM: Processing: serving-sys cookie
    6:17 PM: Deletion from quarantine initiated
    6:17 PM: Deletion from quarantine completed. Elapsed time 00:00:00
    6:17 PM: Processing: ask cookie
    6:17 PM: Deletion from quarantine initiated
    6:17 PM: Deletion from quarantine completed. Elapsed time 00:00:01
    6:17 PM: Processing: about cookie
    6:17 PM: Processing: askmen cookie
    6:17 PM: Processing: burstnet cookie
    6:17 PM: Processing: belnk cookie
    6:17 PM: Processing: go.com cookie
    6:17 PM: Processing: go.com cookie
    6:17 PM: Processing: adecn cookie
    6:17 PM: Processing: gamespy cookie
    6:17 PM: Processing: xiti cookie
    6:17 PM: Processing: addynamix cookie
    6:17 PM: Processing: dealtime cookie
    6:17 PM: Processing: dealtime cookie
    6:17 PM: Processing: redsheriff cookies
    6:17 PM: Processing: zedo cookie
    6:17 PM: Processing: tacoda cookie
    6:17 PM: Processing: tacoda cookie
    6:17 PM: Processing: atwola cookie
    6:17 PM: Processing: reliablestats cookie
    6:17 PM: Deletion from quarantine initiated
    6:16 PM: Deletion from quarantine completed. Elapsed time 00:00:00
    6:16 PM: Processing: overture cookie
    6:16 PM: Processing: overture cookie
    6:16 PM: Processing: overture cookie
    6:16 PM: Deletion from quarantine initiated
    6:16 PM: Deletion from quarantine completed. Elapsed time 00:00:00
    6:16 PM: Processing: 2o7.net cookie
    6:16 PM: Deletion from quarantine initiated
    6:16 PM: Removal process completed. Elapsed time 00:00:19
    6:16 PM: Quarantining All Traces: revenue.net cookie
    6:16 PM: Quarantining All Traces: casalemedia cookie
    6:16 PM: Quarantining All Traces: yieldmanager cookie
    6:16 PM: Quarantining All Traces: ru4 cookie
    6:16 PM: Quarantining All Traces: zenotecnico cookie
    6:16 PM: Quarantining All Traces: maxserving cookie
    6:16 PM: Quarantining All Traces: searchingbooth cookie
    6:16 PM: Quarantining All Traces: top-banners cookie
    6:16 PM: Quarantining All Traces: questionmarket cookie
    6:16 PM: Quarantining All Traces: adknowledge cookie
    6:16 PM: Quarantining All Traces: hbmediapro cookie
    6:16 PM: Quarantining All Traces: adjuggler cookie
    6:16 PM: Quarantining All Traces: realtracker cookie
    6:16 PM: Quarantining All Traces: server.iad.liveperson cookie
    6:16 PM: Quarantining All Traces: adrevolver cookie
    6:16 PM: Quarantining All Traces: clickandtrack cookie
    6:16 PM: Quarantining All Traces: burstbeacon cookie
    6:16 PM: Quarantining All Traces: clicktracks cookie
    6:16 PM: Quarantining All Traces: realmedia cookie
    6:16 PM: Quarantining All Traces: falkag cookie
    6:16 PM: Quarantining All Traces: primaryads cookie
    6:16 PM: Quarantining All Traces: specificclick.com cookie
    6:16 PM: Quarantining All Traces: trb.com cookie
    6:16 PM: Quarantining All Traces: toplist cookie
    6:16 PM: Quarantining All Traces: clixgalore cookie
    6:16 PM: Quarantining All Traces: valuead cookie
    6:16 PM: Quarantining All Traces: bpath cookie
    6:16 PM: Quarantining All Traces: ic-live cookie
    6:16 PM: Quarantining All Traces: adlegend cookie
    6:16 PM: Quarantining All Traces: webtrends cookie
    6:16 PM: Quarantining All Traces: stopzilla cookie
    6:16 PM: Quarantining All Traces: tribalfusion cookie
    6:16 PM: Quarantining All Traces: partypoker cookie
    6:16 PM: Quarantining All Traces: pricegrabber cookie
    6:16 PM: Quarantining All Traces: exitexchange cookie
    6:16 PM: Quarantining All Traces: serving-sys cookie
    6:16 PM: Quarantining All Traces: ask cookie
    6:16 PM: Quarantining All Traces: about cookie
    6:16 PM: Quarantining All Traces: askmen cookie
    6:16 PM: Quarantining All Traces: burstnet cookie
    6:16 PM: Quarantining All Traces: belnk cookie
    6:16 PM: Quarantining All Traces: go.com cookie
    6:16 PM: Quarantining All Traces: nextag cookie
    6:16 PM: Quarantining All Traces: adecn cookie
    6:16 PM: Quarantining All Traces: gamespy cookie
    6:16 PM: Quarantining All Traces: xiti cookie
    6:16 PM: Quarantining All Traces: addynamix cookie
    6:16 PM: Quarantining All Traces: dealtime cookie
    6:16 PM: Quarantining All Traces: redsheriff cookies
    6:16 PM: Quarantining All Traces: zedo cookie
    6:16 PM: Quarantining All Traces: tacoda cookie
    6:16 PM: Quarantining All Traces: atwola cookie
    6:16 PM: Quarantining All Traces: reliablestats cookie
    6:16 PM: Quarantining All Traces: overture cookie
    6:16 PM: Quarantining All Traces: 2o7.net cookie
    6:16 PM: Removal process initiated
    6:16 PM: Sweep Status: 55 Items Found
    6:16 PM: Traces Found: 90
    6:16 PM: File Sweep Complete, Elapsed Time: 00:00:07
    6:16 PM: Sweep Canceled
    6:16 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
    6:16 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
    6:16 PM: Starting File Sweep
    6:16 PM: Warning: Failed to access drive A:
    6:16 PM: Registry Sweep Complete, Elapsed Time:00:00:33
    6:15 PM: Starting Registry Sweep
    6:15 PM: Memory Sweep Complete, Elapsed Time: 00:01:50
    6:13 PM: Starting Memory Sweep
    6:13 PM: Sweep initiated using definitions version 728
    6:13 PM: Spy Sweeper 5.0.5.1286 started
    6:13 PM: | Start of Session, Thursday, July 27, 2006 |
    ********
    6:49 PM: Quarantining All Traces: trojan downloader matcash
    6:49 PM: Removal process initiated
    6:44 PM: Traces Found: 2045
    6:44 PM: Full Sweep has completed. Elapsed time 00:26:12
    6:44 PM: File Sweep Complete, Elapsed Time: 00:24:02
    6:32 PM: Warning: Failed to access drive F:
    6:32 PM: Warning: Failed to access drive E:
    6:32 PM: D:\AntiSpy\Quarantine\E20A0D88-06B2-4A7B-BFD4-9FAD8C\9F44576A-7875-4D9E-98A0-5D4F4F (ID = 208330)
    6:32 PM: Found Adware: ist surf accuracy
    6:31 PM: C:\FOUND.030\FILE0004.CHK (ID = 159)
    6:31 PM: Found Adware: look2me
    6:29 PM: C:\Program Files\whInstall\whAgent.inf (ID = 83821)
    6:29 PM: C:\Program Files\whInstall\whInstaller.ini (ID = 83847)
    6:29 PM: C:\Program Files\whInstall (2 subtraces) (ID = 2147487232)
    6:29 PM: Found Adware: webhancer
    6:28 PM: C:\Program Files\outlook\v.tmp (ID = 255142)
    6:28 PM: Found Trojan Horse: trojan downloader matcash
    6:28 PM: C:\Program Files\Outlook Express\nilodocyw.html (ID = 310472)
    6:28 PM: C:\Program Files\Online Services\nigysemyc.dll (ID = 301391)
    6:28 PM: Found Trojan Horse: trojan-dropper-joiner
    6:28 PM: C:\Program Files\Windows NT\qunygyf.html (ID = 323861)
    6:28 PM: Found Adware: deskwizz
    6:28 PM: C:\Program Files\Common Files\qkoq\qkoqd\vocabulary (ID = 78283)
    6:28 PM: C:\Program Files\Common Files\qkoq\qkoqd\class-barrel (ID = 78229)
    6:28 PM: Found Adware: targetsaver
    6:25 PM: Warning: Failed to open file "c:\documents and settings\priya\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\priya\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\priya\ntuser.dat.log". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\priya\ntuser.dat". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
    6:25 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
    6:25 PM: C:\WINDOWS\UHJpeWE\oJLDyqH.vbs (ID = 185675)
    6:25 PM: Found Adware: command
    6:21 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
    6:20 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
    6:20 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
    6:20 PM: Starting File Sweep
    6:20 PM: Warning: Failed to access drive A:
    6:20 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    6:20 PM: Starting Cookie Sweep
    6:20 PM: Registry Sweep Complete, Elapsed Time:00:00:34
    6:19 PM: Starting Registry Sweep
    6:19 PM: Memory Sweep Complete, Elapsed Time: 00:01:28
    6:18 PM: Starting Memory Sweep
    6:18 PM: Sweep initiated using definitions version 728
    6:18 PM: Spy Sweeper 5.0.5.1286 started
    6:18 PM: | Start of Session, Thursday, July 27, 2006 |
    ********
     
  5. bella6100

    bella6100 Thread Starter

    Joined:
    Feb 6, 2005
    Messages:
    117
    Logfile of HijackThis v1.99.1
    Scan saved at 11:13:31 PM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    D:\PDVDServ.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    D:\AntiSpy\gcasDtServ.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\DOCUME~1\Priya\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Priya\Application Data\Mozilla\Profiles\default\koo1a0xk.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Priya\Application Data\Mozilla\Profiles\default\koo1a0xk.slt\prefs.js)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [WinFSG] "C:\Program Files\Allume\Internet Cleanup\MSFG.exe"
    O4 - HKLM\..\Run: [gcasServ] "D:\AntiSpy\gcasServ.exe"
    O4 - HKLM\..\Run: [RemoteControl] D:\PDVDServ.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gtbyx] C:\WINDOWS\System32\gtbyx.exe
    O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [outlook] "C:\Program Files\outlook\outlook.exe" /auto
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [lty21be3] "RUNDLL32.EXE" w0276767.dll,n 00221be1000000030276767
    O4 - HKLM\..\Run: [{2B-B0-04-46-ZN}] "C:\windows\system32\dsreg.exe" CORN003
    O4 - HKLM\..\Run: [w0279da9.dll] "RUNDLL32.EXE" w0279da9.dll,I2 00221be100279da9
    O4 - HKLM\..\Run: [eukcroxA] C:\WINDOWS\eukcroxA.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [SinglesSetup.exe] C:\DOCUME~1\Priya\Desktop\SINGLE~1.EXE /r
    O4 - HKCU\..\Run: [IDMan] "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM\aim.exe
    O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\Program Files\PDFtypewriter\PDFtypewriterie.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v44/bejeweled/bejeweled.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.sonypictures.com/games/luxor/mjolauncher.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.1_02) -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDownloadControl.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Plug-in 1.4.1_02) -
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/KeyCrypt/npkcx.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    Thanks again for your help !
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Sorry - HiJackThis is running from a temp directory and must be moved to run correctly

    Click here to download HJTsetup.exe:

    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
    Scroll down to the download section

    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    ============================

    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [gtbyx] C:\WINDOWS\System32\gtbyx.exe

    O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe

    O4 - HKLM\..\Run: [outlook] "C:\Program Files\outlook\outlook.exe" /auto

    O4 - HKLM\..\Run: [winlog] winlog.exe

    O4 - HKLM\..\Run: [lty21be3] "RUNDLL32.EXE" w0276767.dll,n 00221be1000000030276767

    O4 - HKLM\..\Run: [{2B-B0-04-46-ZN}] "C:\windows\system32\dsreg.exe" CORN003

    O4 - HKLM\..\Run: [w0279da9.dll] "RUNDLL32.EXE" w0279da9.dll,I2 00221be100279da9

    O4 - HKLM\..\Run: [eukcroxA] C:\WINDOWS\eukcroxA.exe

    O4 - HKLM\..\RunServices: [winlog] winlog.exe

    O4 - HKCU\..\Run: [SinglesSetup.exe] C:\DOCUME~1\Priya\Desktop\SINGLE~1.EXE /r

    O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\System32\gtbyx.exe
    C:\WINDOWS\msnappm.exe
    C:\Program Files\outlook
    C:\windows\system32\winlog.exe
    C:\windows\system32\w0276767.dll
    C:\windows\system32\dsreg.exe
    C:\windows\system32\w0279da9.dll
    C:\WINDOWS\eukcroxA.exe
    C:\DOCUME~1\Priya\Desktop\SINGLE~1.EXE
    C:\WINDOWS\system32\lty21be3.sys

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  7. bella6100

    bella6100 Thread Starter

    Joined:
    Feb 6, 2005
    Messages:
    117
    :confused:

    ok so i downloaded the Hijack as well as the Killbox and i copied all the info you told me into notepad, and I restarted the comp to go into safemode. The first time I did it, I was able to get into safemode w/ no problem, but maybe I don't really know how to work Safe mode cuz - where am i supposed to find the killbox file or the hijack file or my notepad files, none of them were there..... so I restarted the comp so i could get all the info, but now if I try to go into safe mode, I can't. I click on safe mode and I get a page full of these lines:

    multi(0)disk(0)rddisk(0)partition(1)win\system32\drivers\ and a bunch of names and then nothing happens. I have no idea if i did anything wrong, I am pretty confused.

    Can i check and fix all the Hijack stuff you told me if I am not in safe mode, cause I have done that before. I can only run Killbox in safe mode? After your previous post and running spysweeper, I have had no popup problems though although my comp seems to have slowed down significantly at times. Please help!
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Do it in normal mode, boot and then post a new log
     
  9. bella6100

    bella6100 Thread Starter

    Joined:
    Feb 6, 2005
    Messages:
    117
    ok, I deleted all items and here is the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:02:41 AM, on 7/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\PDVDServ.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Priya\Application Data\Mozilla\Profiles\default\koo1a0xk.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Priya\Application Data\Mozilla\Profiles\default\koo1a0xk.slt\prefs.js)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [WinFSG] "C:\Program Files\Allume\Internet Cleanup\MSFG.exe"
    O4 - HKLM\..\Run: [gcasServ] "D:\AntiSpy\gcasServ.exe"
    O4 - HKLM\..\Run: [RemoteControl] D:\PDVDServ.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM\aim.exe
    O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\Program Files\PDFtypewriter\PDFtypewriterie.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v44/bejeweled/bejeweled.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.sonypictures.com/games/luxor/mjolauncher.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.1_02) -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDownloadControl.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Plug-in 1.4.1_02) -
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.sonypictures.com/games/gamehouse/SproutLauncher.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/KeyCrypt/npkcx.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
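One way to check a cleanup like this from the two HijackThis logs, as an added example that is not part of the original thread: it parses the O4 (autostart) lines, applies a few triage heuristics, and confirms that the entries marked for fixing are gone from the second log. The function names and the heuristics are assumptions made for illustration, not the helper's method; the log excerpts are O4 lines copied from the two logs posted above.

```python
import re
from typing import NamedTuple

class Autorun(NamedTuple):
    location: str  # registry key or Startup folder, as HijackThis prints it
    name: str      # value name or shortcut name
    command: str   # command line run at logon

O4_REG = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
O4_LNK = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Executable is either quoted, or unquoted up to the first program extension.
EXE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|vbs))(?=\s|$))\s*(.*)$', re.I)

def parse_autoruns(log_text):
    """Extract every O4 (autostart) entry from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip()) or O4_LNK.match(line.strip())
        if m:
            entries.append(Autorun(*m.groups()))
    return entries

def triage(entry):
    """Reasons to look closer at an entry. Illustrative heuristics (assumptions)."""
    m = EXE.match(entry.command)
    if not m:
        return ["command line could not be parsed"]
    exe, args = (m.group(1) or m.group(2)).lower(), m.group(3)
    if exe.endswith("rundll32.exe"):
        dll = args.split(",")[0]
        if "\\" not in dll and re.search(r"\d{4,}", dll):
            return ["rundll32 loads a path-less DLL with a generated-looking name"]
    elif "\\" not in exe:
        return ["no path given, so the file is found through the search path"]
    elif re.fullmatch(r"[a-z]:\\windows\\[^\\]+", exe):
        return ["executable sits directly in the Windows directory"]
    elif "\\desktop\\" in exe:
        return ["starts from a user's Desktop folder"]
    return []

def still_present(before, after, fix_names):
    """Entries marked for fixing in the first log that survive in the second."""
    # Compare on (location, name): quoting of the command can change between scans.
    after_keys = {(e.location, e.name) for e in after}
    return [e for e in before
            if e.name in fix_names and (e.location, e.name) in after_keys]

# Excerpts of the O4 lines from the two logs posted in this thread.
BEFORE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gtbyx] C:\WINDOWS\System32\gtbyx.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [lty21be3] "RUNDLL32.EXE" w0276767.dll,n 00221be1000000030276767
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [SinglesSetup.exe] C:\DOCUME~1\Priya\Desktop\SINGLE~1.EXE /r
O4 - HKCU\..\Run: [IDMan] "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
'''
AFTER_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
'''
# Value names taken from the helper's "fix these" list (subset present above).
FIX_NAMES = {"gtbyx", "msnsyslog", "winlog", "lty21be3", "SinglesSetup.exe"}

if __name__ == "__main__":
    before, after = parse_autoruns(BEFORE_LOG), parse_autoruns(AFTER_LOG)
    for e in before:
        for reason in triage(e):
            print(f"[triage] {e.location} [{e.name}]: {reason}")
    left = still_present(before, after, FIX_NAMES)
    print("leftover flagged autoruns:", [e.name for e in left] or "none")
```

The heuristics do not catch every entry on the fix list (gtbyx, for instance, sits in System32 under an ordinary-looking path), so triage output is a starting point for review rather than a verdict.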
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  11. bella6100

    bella6100 Thread Starter

    Joined:
    Feb 6, 2005
    Messages:
    117
    (y) Thank you so much for your help. I installed AVG and there were no viruses found. My system had been running extremely slow lately, so I uninstalled Spysweeper, and now it is back to its normal speed. Once again, thank you for all your assistance :)
     

Short URL to this thread: https://techguy.org/486904
