
the remaining spyware keeps coming back

Discussion in 'Virus & Other Malware Removal' started by pheeph, Jul 10, 2006.

  1. pheeph

    pheeph Thread Starter

    Joined:
    Jul 11, 2003
    Messages:
    160
    Although the Zlob downloader spyware is permanently gone, there's some other spyware that's still lingering in my PC. I did several scans with Spybot and AVG programs, but the spyware that triggers an IE window (such as "Error Detected", or windows that give me that sequence of relentless popups when I close them) keeps appearing. They either appear without warning, or trigger upon double-clicking something ("Program Files", the temp IE folder in Local Settings, etc.). Sometimes it would occur when double-clicking a folder that hasn't been opened after the spyware came in. Here's the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:01:54 PM, on 7/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WService.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Philip\My Documents\hijackthis\HijackThis.exe

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148506199250
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shut down your computer; click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
     
  3. pheeph

    pheeph Thread Starter

    Joined:
    Jul 11, 2003
    Messages:
    160
    That random "Error Detected" ad appeared right after accessing Vundofix.txt. Here's the log from it.

    VundoFix V5.1.1

    Checking Java version...

    Scan started at 9:34:22 PM 7/10/2006

    Listing files found while scanning....

    C:\windows\SYSTEM32\vtstt.dll
    C:\windows\SYSTEM32\ttstv.ini
    C:\windows\SYSTEM32\ttstv.bak1
    C:\windows\SYSTEM32\ttstv.bak2

    Beginning removal...

    The process smss.exe was successfully stopped

    The process winlogon.exe could not be stopped
    Vundofix may not be able to delete some files that were found.

    The process explorer.exe was successfully stopped

    The process iexplore.exe was successfully stopped

    The process rundll32.exe was successfully stopped

    Attempting to delete C:\windows\SYSTEM32\vtstt.dll
    C:\windows\SYSTEM32\vtstt.dll Could not be deleted.

    Attempting to delete C:\windows\SYSTEM32\ttstv.ini
    C:\windows\SYSTEM32\ttstv.ini Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\ttstv.bak1
    C:\windows\SYSTEM32\ttstv.bak1 Has been deleted!

    Attempting to delete C:\windows\SYSTEM32\ttstv.bak2
    C:\windows\SYSTEM32\ttstv.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!
     
  4. pheeph

    pheeph Thread Starter

    Joined:
    Jul 11, 2003
    Messages:
    160
    And here's the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:48:40 PM, on 7/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Philip\My Documents\hijackthis\HijackThis.exe

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148506199250
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks good, any problems?
     
  6. pheeph

    pheeph Thread Starter

    Joined:
    Jul 11, 2003
    Messages:
    160
    Well, the ads sort of triggered after accessing the Vundofix log. I don't know for certain if these are coming back again when I access a folder that hasn't been opened in a while.
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Go to Safe Mode and run Ewido, then post that log back here.
     
  8. pheeph

    pheeph Thread Starter

    Joined:
    Jul 11, 2003
    Messages:
    160
    Here it is:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:22:46 PM 7/11/2006

    + Scan result:



    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1057\A0122389.dll -> Adware.Virtumonde : No action taken.
    :mozilla.181:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.212:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.229:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.433:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.518:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.85:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.86:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.87:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.88:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.93:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.56:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.599:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
    :mozilla.568:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
    :mozilla.58:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.59:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.60:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.640:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.49:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.704:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.333:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
    :mozilla.651:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.652:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.92:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.548:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
    :mozilla.143:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.144:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.145:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.146:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.160:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.161:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.162:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.665:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Realtracker : No action taken.
    :mozilla.444:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
    :mozilla.127:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.128:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.129:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.130:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.131:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.244:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.245:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.735:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.470:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
    :mozilla.63:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.64:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.72:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.73:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.74:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.75:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.77:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.78:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.79:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.81:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.82:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.104:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.105:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.106:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.107:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.498:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.499:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
    :mozilla.163:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.164:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.165:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.166:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.167:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.168:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.601:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.436:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
    :mozilla.437:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
    :mozilla.555:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
    :mozilla.44:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.45:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.46:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.47:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.48:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.562:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.563:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.564:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\6pxkoyxm.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


    ::Report end
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Are you still having problems?
     
  10. pheeph

    pheeph Thread Starter

    Joined:
    Jul 11, 2003
    Messages:
    160
    Well, Spybot does detect them.
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Detects what?
     
  12. pheeph

    pheeph Thread Starter

    Joined:
    Jul 11, 2003
    Messages:
    160
    Some things like MediaPlex, HotkeysHook, and Advertising.com. This just recently triggered when I went into C:\WINDOWS. Most of them are from cookies, while HotkeysHook has a file in my C:\WINDOWS folder.
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download Webroot SpySweeper from here: http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits

        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     

Short URL to this thread: https://techguy.org/482016
