the remaining spyware keeps coming back

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

pheeph

Thread Starter
Joined
Jul 11, 2003
Messages
160
Although the zlob downloader spyware is permanently gone, there's some other spyware that's still lingering in my PC. I did several scans with spybot and avg programs, but the spyware that triggers an IE window (such as "Error Detected", or windows that give me that sequence of relentless popups when I close them) keeps appearing. They either appear without warning, or trigger upon double-clicking something ("Program Files", the temp IE folder in Local Settings, etc.). Sometimes it would occur when double-clicking a folder that hasn't been opened after the spyware came in. Here's the log

Logfile of HijackThis v1.99.1
Scan saved at 6:01:54 PM, on 7/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Philip\My Documents\hijackthis\HijackThis.exe

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148506199250
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
 

pheeph

Thread Starter
Joined
Jul 11, 2003
Messages
160
that random "Error Detected" ad appeared right after accessing Vundofix.txt. Here's the log from it.

VundoFix V5.1.1

Checking Java version...

Scan started at 9:34:22 PM 7/10/2006

Listing files found while scanning....

C:\windows\SYSTEM32\vtstt.dll
C:\windows\SYSTEM32\ttstv.ini
C:\windows\SYSTEM32\ttstv.bak1
C:\windows\SYSTEM32\ttstv.bak2

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\SYSTEM32\vtstt.dll
C:\windows\SYSTEM32\vtstt.dll Could not be deleted.

Attempting to delete C:\windows\SYSTEM32\ttstv.ini
C:\windows\SYSTEM32\ttstv.ini Has been deleted!

Attempting to delete C:\windows\SYSTEM32\ttstv.bak1
C:\windows\SYSTEM32\ttstv.bak1 Has been deleted!

Attempting to delete C:\windows\SYSTEM32\ttstv.bak2
C:\windows\SYSTEM32\ttstv.bak2 Has been deleted!

Performing Repairs to the registry.
Done!
 

pheeph

Thread Starter
Joined
Jul 11, 2003
Messages
160
and here's the hjt log

Logfile of HijackThis v1.99.1
Scan saved at 9:48:40 PM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Philip\My Documents\hijackthis\HijackThis.exe

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148506199250
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
 

pheeph

Thread Starter
Joined
Jul 11, 2003
Messages
160
well the ads sort of triggered after accessing the Vundofix log. I don't know for certain if these are coming back again when I access a folder that hasn't been opened in a while.
 

pheeph

Thread Starter
Joined
Jul 11, 2003
Messages
160
here it is

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:22:46 PM 7/11/2006

+ Scan result:



C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1057\A0122389.dll -> Adware.Virtumonde : No action taken.
:mozilla.181:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.212:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.229:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.433:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.518:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.85:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.86:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.87:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.88:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.93:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.56:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.599:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.568:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.58:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.59:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.60:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.640:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.49:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.704:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.333:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.651:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.652:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.92:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.548:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.143:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.144:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.145:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.146:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.160:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.161:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.162:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.665:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Realtracker : No action taken.
:mozilla.444:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.127:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.128:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.129:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.130:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.131:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.244:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.245:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.735:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.470:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
:mozilla.63:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.64:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.72:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.73:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.74:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.75:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.77:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.78:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.79:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.81:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.82:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.104:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.105:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.106:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.107:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.498:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.499:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
:mozilla.163:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.164:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.165:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.166:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.167:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.168:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.601:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.436:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.437:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.555:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.44:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.45:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.46:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.47:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.48:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.562:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.563:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.564:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end
 

pheeph

Thread Starter
Joined
Jul 11, 2003
Messages
160
some things like MediaPlex, HotkeysHook, and Advertising.com. This just recently triggered when I went into C:\WINDOWS. Most of them are from Cookies, while HotkeysHook has a file in my C:\WINDOWS folder
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please download Webroot SpySweeper from here: http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129

(It's a 2 week trial.)

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top