
WinAntiVirusPro Problem

Discussion in 'Virus & Other Malware Removal' started by Zoo York, Jul 26, 2006.

Thread Status:
Not open for further replies.
  1. Zoo York

    Zoo York Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    24
    Today I received a trojan through an attempt to download something. I had other traces that appeared in Ad-Aware but I removed all but this nagging one, WinAntiVirusPro along with some tracking cookies. I ran a scan through HJT (Hijack This!) but I need an expert to read through my log and give me further instructions on what to do. Any prompt assistance or help in general would be greatly appreciated.

    Here is my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:51:20 PM, on 7/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    c:\program files\mcafee.com\vso\mcmnhdlr.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ishost.exe
    C:\WINDOWS\system32\ismon.exe
    C:\Documents and Settings\Court\My Documents\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {7B584DF5-CDED-1EFB-649D-19A137C8D19A} - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but still worth keeping.


    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
    • Once the setup is complete you will need to run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient; this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
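
Added example, not part of any post in this thread: a small Python triage helper for comparing a "before" and "after" HijackThis log, as requested above. The sample lines are taken from the two logs in this thread; the function names and the three review heuristics (missing target file, O16 codebase on a bare IP address, O16 codebase that is a direct .exe) are assumptions of this example, not HijackThis verdicts.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Sample input: a few lines taken from the two HijackThis logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {7B584DF5-CDED-1EFB-649D-19A137C8D19A} - http://85.255.113.214/1/gdnUS2339.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""
# The second log spells the same McAfee path in different case and has new entries.
AFTER = BEFORE.replace("McUpdate.exe", "mcupdate.exe") + r"""O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
"""

# An entry line is a section code (R0, O4, O16, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return [(code, body)] for entry lines; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare lowercased.
    return (entry[0], entry[1].lower())


def diff_logs(before_text, after_text):
    """Return (added, removed) entries between two logs, ignoring case differences."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    added = [e for e in after if _key(e) not in before_keys]
    removed = [e for e in before if _key(e) not in after_keys]
    return added, removed


def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def review_flags(entries):
    """Return [(code, reason, body)] for entries a reviewer may want to look at first."""
    flags = []
    for code, body in entries:
        if body.endswith("(file missing)"):
            flags.append((code, "target file missing", body))
        if code == "O16":
            # The codebase URL is the last " - " separated field of a DPF entry.
            url = urlparse(body.rsplit(" - ", 1)[-1])
            if _is_ip(url.hostname or ""):
                flags.append((code, "codebase host is a bare IP address", body))
            if url.path.lower().endswith(".exe"):
                flags.append((code, "codebase is a direct .exe download", body))
    return flags


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for code, body in added:
        print("ADDED  ", code, body)
    for code, body in removed:
        print("REMOVED", code, body)
    for code, reason, body in review_flags(parse_entries(AFTER)):
        print("REVIEW ", code, reason, "->", body)
```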
     
  3. Zoo York

    Zoo York Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    24
    Here's my HJT! Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:21:15 AM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ishost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system32\ismon.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\program files\mcafee.com\vso\mcmnhdlr.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\DOCUME~1\Court\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {7B584DF5-CDED-1EFB-649D-19A137C8D19A} - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    My Ewido Log:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 11:52:49 PM 7/26/2006

    + Scan result:



    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Local Settings\Temporary Internet Files\Content.IE5\6DK0M2XV\anti4[1].exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\cbxuvtt.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mljjj.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\pmnlmnm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\WINDOWS\temp\mshtml2.exe -> Downloader.PurityScan.cp : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\components\flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.158:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.159:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.160:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.161:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.162:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.20:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.21:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.22:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.23:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.24:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.63:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.140:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    :mozilla.156:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.157:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.112:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.113:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.114:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.115:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.47:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.52:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.39:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    :mozilla.74:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.75:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.76:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.77:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.78:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.79:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.124:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.150:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
    :mozilla.18:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    :mozilla.43:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.44:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.45:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.46:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.41:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.42:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.144:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.145:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.146:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    :mozilla.12:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.13:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.134:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.135:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.104:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.126:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.127:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.128:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.129:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.130:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.131:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.132:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.53:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.54:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.55:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.56:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.57:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.59:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.116:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.117:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.141:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.142:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.143:C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Local Settings\Temporary Internet Files\Content.IE5\2F45XMB9\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Local Settings\Temporary Internet Files\Content.IE5\2F45XMB9\srvbmb[1].exe -> Trojan.Pakes : Cleaned with backup (quarantined).
    C:\Documents and Settings\Court\Local Settings\Temporary Internet Files\Content.IE5\CDYFO1EZ\srvoll[1].exe -> Trojan.Pakes : Cleaned with backup (quarantined).
    C:\WINDOWS\temp\win117.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
    C:\WINDOWS\temp\win34C.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
    C:\WINDOWS\temp\win351.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
    C:\WINDOWS\temp\win6B.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).


    ::Report end
     
  4. Zoo York

    Zoo York Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    24
    Panda Log:

    Incident Status Location

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt[.com.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Court\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\cookies.txt[.peel.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Court\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Court\Cookies\[email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Court\Cookies\[email protected][1].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Court\Cookies\[email protected][1].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Court\Cookies\[email protected][3].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Court\Cookies\[email protected][4].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Court\Cookies\[email protected][1].txt
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Court\Cookies\[email protected][1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Court\Local Settings\Application Data\Mozilla\Firefox\Profiles\7jrlmz7k.default\Cache\4906828Dd01[smitRem/Process.exe]
    Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Court\Local Settings\Temporary Internet Files\Content.IE5\E549EXOH\srvmci[1].exe
    Adware:Adware/PurityScan Not disinfected C:\Program Files\Cowabanga\uninstaller.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Roguescanfix\Process.exe
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\cbxuvtt.dll
    Adware:Adware/SuperSpider Not disinfected C:\WINDOWS\system32\wingsa32.dll
    Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\temp\win47.tmp.exe
    Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\temp\win9C.tmp.exe
     
  5. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Uninstall MyWay Search Assistant from Add/Remove Programs.

    • Click here to download ATF Cleaner by Atribune and save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      • If you use Firefox:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      • If you use Opera:
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.

    Download and run VundoFix: http://www.atribune.org/ccount/click.php?id=4
    Double-click VundoFix.exe to run it.
    Put a check next to Run VundoFix as a task.
    You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
    When VundoFix re-opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shut down your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt and a new HijackThis log.
     
  6. Zoo York

    Zoo York Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    24
    Okay, I did the Vundo run but I don't know how to get the logfile and if I was supposed to get it before I restarted, I was unaware. Should I rerun it? :confused:

    HJT Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:37:08 PM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\ishost.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\ismon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\AIM\aim.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\TEMP\win4E.tmp.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\DOCUME~1\Court\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {31C01794-21ED-4898-A50B-D1057207BB2B} - C:\WINDOWS\system32\mljjj.dll (file missing)
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbxuvtt.dll
    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {7B584DF5-CDED-1EFB-649D-19A137C8D19A} - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    That's ok, don't worry about it.

    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
      o Sweep Memory
      o Sweep Registry
      o Sweep Cookies
      o Sweep All User Accounts
      o Enable Direct Disk Sweeping
      o Sweep Contents of Compressed Files
      o Sweep for Rootkits

      o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  8. Zoo York

    Zoo York Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    24
    2:03 AM: Removal process completed. Elapsed time 00:00:13
    2:03 AM: Quarantining All Traces: security2k hijacker
    2:03 AM: Quarantining All Traces: trojan agent winlogonhook
    2:03 AM: Removal process initiated
    2:02 AM: Traces Found: 3
    2:02 AM: Full Sweep has completed. Elapsed time 00:19:01
    2:02 AM: File Sweep Complete, Elapsed Time: 00:16:13
    2:01 AM: Warning: Failed to access drive E:
    2:00 AM: Warning: Failed to open file "c:\windows\system32\components\flx23.dll". The operation completed successfully
    2:00 AM: Warning: Failed to open file "c:\windows\system32\components\flx22.dll". The operation completed successfully
    2:00 AM: Warning: Failed to open file "c:\documents and settings\court\local settings\temp\jeta75b.tmp". The operation completed successfully
    1:46 AM: Starting File Sweep
    1:46 AM: Warning: Failed to access drive A:
    1:46 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    1:46 AM: Starting Cookie Sweep
    1:46 AM: Registry Sweep Complete, Elapsed Time:00:00:30
    1:46 AM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1524342)
    1:46 AM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1513976)
    1:46 AM: Found Adware: security2k hijacker
    1:46 AM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
    1:46 AM: Found Trojan Horse: trojan agent winlogonhook
    1:46 AM: Starting Registry Sweep
    1:45 AM: Memory Sweep Complete, Elapsed Time: 00:02:10
    1:45 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:44 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:44 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:44 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:43 AM: Starting Memory Sweep
    1:43 AM: Warning: TVolume.Read: read past end of volume size: 0 reading cluster: 0
    1:43 AM: Sweep initiated using definitions version 728
    1:43 AM: Spy Sweeper 5.0.5.1286 started
    1:43 AM: | Start of Session, Friday, July 28, 2006 |
    ********
    1:43 AM: | End of Session, Friday, July 28, 2006 |
    1:43 AM: None
    1:43 AM: Traces Found: 0
    1:43 AM: Memory Sweep Complete, Elapsed Time: 00:00:21
    1:43 AM: Sweep Canceled
    1:43 AM: Starting Memory Sweep
    1:43 AM: Warning: TVolume.Read: read past end of volume size: 0 reading cluster: 0
    1:43 AM: Sweep initiated using definitions version 728
    1:43 AM: Spy Sweeper 5.0.5.1286 started
    1:43 AM: | Start of Session, Friday, July 28, 2006 |
    ********
    1:43 AM: | End of Session, Friday, July 28, 2006 |
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    1:40 AM: Shield States
    1:40 AM: Spyware Definitions: 728
    1:39 AM: Spy Sweeper 5.0.5.1286 started
    1:09 AM: | End of Session, Friday, July 28, 2006 |
    1:08 AM: Your spyware definitions have been updated.
    Operation: File Access
    Target:
    Source: C:\PROGRA~1\MCAFEE.COM\VSO\MCSHIELD.EXE
    1:08 AM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    1:00 AM: Shield States
    1:00 AM: Spyware Definitions: 691
    12:59 AM: Spy Sweeper 5.0.5.1286 started
    12:59 AM: Spy Sweeper 5.0.5.1286 started
    12:59 AM: | Start of Session, Friday, July 28, 2006 |
    ********
    1:37 AM: Removal process completed. Elapsed time 00:02:12
    1:37 AM: Preparing to restart your computer. Please wait...
    1:36 AM: Quarantining All Traces: atwola cookie
    1:36 AM: Quarantining All Traces: atlas dmt cookie
    1:36 AM: Quarantining All Traces: spyware quake
    1:36 AM: Quarantining All Traces: system doctor 2006 fakealert
    1:36 AM: Quarantining All Traces: security2k hijacker
    1:36 AM: Quarantining All Traces: trojan agent winlogonhook
    1:36 AM: C:\WINDOWS\system32\cbxuvtt.dll is in use. It will be removed on reboot.
    1:36 AM: trojan-downloader-conhook is in use. It will be removed on reboot.
    1:36 AM: Quarantining All Traces: trojan-downloader-conhook
    1:34 AM: Removal process initiated
    1:33 AM: Traces Found: 18
    1:33 AM: Full Sweep has completed. Elapsed time 00:24:09
    1:33 AM: File Sweep Complete, Elapsed Time: 00:21:00
    1:31 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    1:30 AM: Warning: Failed to access drive E:
    1:28 AM: Warning: Failed to open file "c:\documents and settings\court\local settings\temp\sqlite_r2r5v1bhey7m7kh". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\windows\temp\sqlite_glq7ic73axw6tty". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\windows\system32\components\flx22.dll". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\documents and settings\court\cookies\[email protected][1].txt". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\documents and settings\court\local settings\temp\jetd735.tmp". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\program files\yahoo!\messenger\profiles\conversed_by_megalomania\archive\messages\lindsay_sayzz\20060727-conversed_by_megalomania.dat". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\windows\system32\components\flx24.dll". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\windows\system32\components\flx23.dll". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\documents and settings\court\application data\mozilla\firefox\profiles\7jrlmz7k.default\parent.lock". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\documents and settings\court\cookies\[email protected][1].txt". The operation completed successfully
    1:14 AM: C:\WINDOWS\temp\win7B.tmp.exe (ID = 319862)
    1:14 AM: C:\Documents and Settings\Court\Local Settings\Temporary Internet Files\Content.IE5\KZ0N2FGJ\srvsuq[1].exe (ID = 319862)
    1:13 AM: C:\WINDOWS\temp\win4E.tmp.exe (ID = 319862)
    1:13 AM: C:\Documents and Settings\Court\Local Settings\Temporary Internet Files\Content.IE5\CDYFO1EZ\srvscv[1].exe (ID = 319862)
    1:12 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:12 AM: Starting File Sweep
    1:12 AM: Warning: Failed to access drive A:
    1:12 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    1:12 AM: c:\documents and settings\court\cookies\[email protected][1].txt (ID = 2255)
    1:12 AM: Found Spy Cookie: atwola cookie
    1:12 AM: c:\documents and settings\court\cookies\[email protected][2].txt (ID = 2253)
    1:12 AM: Found Spy Cookie: atlas dmt cookie
    1:12 AM: Starting Cookie Sweep
    1:12 AM: Registry Sweep Complete, Elapsed Time:00:00:22
    1:12 AM: HKLM\software\classes\typelib\{5e05ea9f-1ea7-4d0b-a09b-d5e29ec758b9}\ (ID = 1538265)
    1:12 AM: HKCR\typelib\{5e05ea9f-1ea7-4d0b-a09b-d5e29ec758b9}\ (ID = 1538239)
    1:12 AM: Found Adware: spyware quake
    1:12 AM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1524342)
    1:12 AM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1513976)
    1:12 AM: Found Adware: security2k hijacker
    1:12 AM: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (ID = 1374139)
    1:12 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (ID = 1374138)
    1:12 AM: HKLM\software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (ID = 1374128)
    1:12 AM: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (ID = 1374116)
    1:11 AM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
    1:11 AM: Found Trojan Horse: trojan agent winlogonhook
    1:11 AM: Starting Registry Sweep
    1:11 AM: Memory Sweep Complete, Elapsed Time: 00:02:36
    1:11 AM: Detected running threat: C:\WINDOWS\temp\win4E.tmp.exe (ID = 319862)
    1:11 AM: Found Adware: system doctor 2006 fakealert
    1:09 AM: Starting Memory Sweep
    1:09 AM: C:\WINDOWS\system32\cbxuvtt.dll (ID = 1375012)
    1:09 AM: Warning: TVolume.Read: read past end of volume size: 0 reading cluster: 0
    1:09 AM: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\ (ID = 1375012)
    1:09 AM: Found Trojan Horse: trojan-downloader-conhook
    1:09 AM: Sweep initiated using definitions version 728
    1:09 AM: Spy Sweeper 5.0.5.1286 started
    1:09 AM: | Start of Session, Friday, July 28, 2006 |
    ********

    Logfile of HijackThis v1.99.1
    Scan saved at 2:07:36 AM, on 7/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\ishost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\ismon.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\AIM\aim.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\Court\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" /autorun
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {7B584DF5-CDED-1EFB-649D-19A137C8D19A} - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hijack This is running from the Temp folder.
    It needs to be in a permanent folder on the hard drive.
    It will not function properly from there and it cannot create and restore backups from there.

    Redownload it here: http://thespykiller.co.uk/files/hijackthis_sfx.exe

    Let it extract to C:\Program Files
    Rerun it from there and post a new log.
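The check behind this advice, as an added example that is not part of the original thread: a short Python parser for the HijackThis log layout seen in these posts, which flags processes running from a temp directory, including the scanner itself. The function names and the set of temp directory names are assumptions, and the sample log is constructed from lines in the logs posted in this thread.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread, trimmed and combined into one short log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:07:36 AM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Court\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\TEMP\win9B.tmp.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption: directory names treated as temporary locations.
TEMP_DIR_NAMES = {"temp", "tmp", "temporary internet files"}


@dataclass
class HjtLog:
    header: dict = field(default_factory=dict)
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)  # (code, text) tuples


def parse_hjt_log(text):
    """Split a HijackThis log into header, running processes and entries."""
    log = HjtLog()
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            # A blank line closes the process list.
            if section == "processes":
                section = "entries"
            continue
        if line.lower().startswith("running processes"):
            section = "processes"
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            section = "entries"
            log.entries.append((entry.group(1), entry.group(2)))
        elif section == "processes":
            log.processes.append(line)
        elif section == "header":
            version = re.match(r"Logfile of HijackThis v(\S+)", line)
            if version:
                log.header["version"] = version.group(1)
            elif line.startswith("Scan saved at "):
                log.header["scan_saved"] = line[len("Scan saved at "):]
            elif ": " in line:
                key, _, value = line.partition(": ")
                log.header[key] = value
    return log


def in_temp_dir(path):
    """True if any directory component of a Windows path is a temp folder."""
    # PureWindowsPath parses backslash paths on any host OS; the last part
    # is the file name, so only the directories before it are checked.
    dirs = [part.lower() for part in PureWindowsPath(path).parts[:-1]]
    return any(part in TEMP_DIR_NAMES for part in dirs)


def temp_findings(log):
    """List (kind, path) for every running process located in a temp folder."""
    findings = []
    for proc in log.processes:
        if not in_temp_dir(proc):
            continue
        name = PureWindowsPath(proc).name.lower()
        # The scanner itself in Temp is the case called out in the post;
        # anything else running from Temp is listed for review.
        kind = "scanner-in-temp" if name == "hijackthis.exe" else "process-in-temp"
        findings.append((kind, proc))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt_log(SAMPLE_LOG)
    print("HijackThis", parsed.header.get("version"))
    for kind, path in temp_findings(parsed):
        print(kind, path)
```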
     
  10. Zoo York

    Zoo York Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    24
    Logfile of HijackThis v1.99.1
    Scan saved at 8:13:52 PM, on 7/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ishost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\ismon.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\LimeWire\LimeWire.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Court\Desktop\hijackthis\HijackThis.exe
    C:\WINDOWS\TEMP\win9B.tmp.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" /autorun
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {7B584DF5-CDED-1EFB-649D-19A137C8D19A} - http://85.255.113.214/1/gdnUS2339.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  12. Zoo York

    Zoo York Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    24
    I ran Spy Sweeper to see if everything was deleted, but my computer is still incredibly slow and whatnot.

    Here is the Spy Sweeper log:

    2:28 AM: Removal process completed. Elapsed time 00:00:24
    2:28 AM: Quarantining All Traces: atwola cookie
    2:28 AM: Quarantining All Traces: atlas dmt cookie
    2:28 AM: Quarantining All Traces: 2o7.net cookie
    2:28 AM: Quarantining All Traces: system doctor 2006 fakealert
    2:28 AM: Quarantining All Traces: security2k hijacker
    2:28 AM: Quarantining All Traces: trojan agent winlogonhook
    2:28 AM: Removal process initiated
    2:27 AM: Traces Found: 7
    2:27 AM: Full Sweep has completed. Elapsed time 00:25:32
    2:27 AM: File Sweep Complete, Elapsed Time: 00:21:30
    2:24 AM: Warning: Failed to access drive E:
    2:23 AM: Warning: Failed to open file "c:\windows\system32\components\flx53.dll". The operation completed successfully
    2:23 AM: Warning: Failed to open file "c:\documents and settings\court\application data\mozilla\firefox\profiles\7jrlmz7k.default\parent.lock". The operation completed successfully
    2:23 AM: Warning: Failed to open file "c:\documents and settings\court\local settings\temp\jet3766.tmp". The operation completed successfully
    2:23 AM: Warning: Failed to open file "c:\windows\system32\components\flx52.dll". The operation completed successfully
    2:07 AM: C:\Documents and Settings\Court\Local Settings\Temporary Internet Files\Content.IE5\1WOVEFJT\srvzug[1].exe (ID = 319862)
    2:07 AM: Found Adware: system doctor 2006 fakealert
    2:06 AM: Starting File Sweep
    2:06 AM: Warning: Failed to access drive A:
    2:06 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    2:06 AM: c:\documents and settings\court\cookies\[email protected][1].txt (ID = 2255)
    2:06 AM: Found Spy Cookie: atwola cookie
    2:06 AM: c:\documents and settings\court\cookies\[email protected][2].txt (ID = 2253)
    2:06 AM: Found Spy Cookie: atlas dmt cookie
    2:06 AM: c:\documents and settings\court\cookies\[email protected][1].txt (ID = 1957)
    2:06 AM: Found Spy Cookie: 2o7.net cookie
    2:06 AM: Starting Cookie Sweep
    2:06 AM: Registry Sweep Complete, Elapsed Time:00:00:22
    2:06 AM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1524342)
    2:06 AM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1513976)
    2:06 AM: Found Adware: security2k hijacker
    2:06 AM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
    2:06 AM: Found Trojan Horse: trojan agent winlogonhook
    2:05 AM: Starting Registry Sweep
    2:05 AM: Memory Sweep Complete, Elapsed Time: 00:03:27
    2:02 AM: Starting Memory Sweep
    2:02 AM: Warning: TVolume.Read: read past end of volume size: 0 reading cluster: 0
    2:02 AM: Sweep initiated using definitions version 729
    2:02 AM: Spy Sweeper 5.0.5.1286 started
    2:02 AM: | Start of Session, Saturday, July 29, 2006 |
    ********
    2:02 AM: | End of Session, Saturday, July 29, 2006 |
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    2:02 AM: Shield States
    2:02 AM: Spyware Definitions: 729
    2:02 AM: Spy Sweeper 5.0.5.1286 started
    1:57 AM: Spy Sweeper 5.0.5.1286 started
    Operation: Terminate
    Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
    Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
    1:56 AM: Tamper Detection
    Operation: Terminate
    Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
    Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
    1:56 AM: Tamper Detection
    1:49 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:49 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:49 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:49 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:46 AM: Your spyware definitions have been updated.
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOPCRAWL.EXE
    1:46 AM: Tamper Detection
    Operation: File Access
    Target:
    Source: C:\PROGRA~1\MCAFEE.COM\VSO\MCSHIELD.EXE
    1:46 AM: Tamper Detection
    1:44 AM: Automated check for program update in progress.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    1:44 AM: Shield States
    1:44 AM: Spyware Definitions: 728
    1:41 AM: Spy Sweeper 5.0.5.1286 started
    9:15 PM: | End of Session, Friday, July 28, 2006 |
    8:57 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    8:57 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    8:57 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    8:11 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    8:11 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    8:11 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    8:11 PM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    8:11 PM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    8:11 PM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    8:11 PM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    8:07 PM: Shield States
    8:07 PM: Spyware Definitions: 728
    8:06 PM: Spy Sweeper 5.0.5.1286 started
    1:43 AM: | End of Session, Friday, July 28, 2006 |
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    1:40 AM: Shield States
    1:40 AM: Spyware Definitions: 728
    1:39 AM: Spy Sweeper 5.0.5.1286 started
    1:09 AM: | End of Session, Friday, July 28, 2006 |
    1:08 AM: Your spyware definitions have been updated.
    Operation: File Access
    Target:
    Source: C:\PROGRA~1\MCAFEE.COM\VSO\MCSHIELD.EXE
    1:08 AM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    1:00 AM: Shield States
    1:00 AM: Spyware Definitions: 691
    12:59 AM: Spy Sweeper 5.0.5.1286 started
    12:59 AM: Spy Sweeper 5.0.5.1286 started
    12:59 AM: | Start of Session, Friday, July 28, 2006 |
    ********
    1:37 AM: Removal process completed. Elapsed time 00:02:12
    1:37 AM: Preparing to restart your computer. Please wait...
    1:36 AM: Quarantining All Traces: atwola cookie
    1:36 AM: Quarantining All Traces: atlas dmt cookie
    1:36 AM: Quarantining All Traces: spyware quake
    1:36 AM: Quarantining All Traces: system doctor 2006 fakealert
    1:36 AM: Quarantining All Traces: security2k hijacker
    1:36 AM: Quarantining All Traces: trojan agent winlogonhook
    1:36 AM: C:\WINDOWS\system32\cbxuvtt.dll is in use. It will be removed on reboot.
    1:36 AM: trojan-downloader-conhook is in use. It will be removed on reboot.
    1:36 AM: Quarantining All Traces: trojan-downloader-conhook
    1:34 AM: Removal process initiated
    1:33 AM: Traces Found: 18
    1:33 AM: Full Sweep has completed. Elapsed time 00:24:09
    1:33 AM: File Sweep Complete, Elapsed Time: 00:21:00
    1:31 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    1:30 AM: Warning: Failed to access drive E:
    1:28 AM: Warning: Failed to open file "c:\documents and settings\court\local settings\temp\sqlite_r2r5v1bhey7m7kh". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\windows\temp\sqlite_glq7ic73axw6tty". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\windows\system32\components\flx22.dll". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\documents and settings\court\cookies\[email protected][1].txt". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\documents and settings\court\local settings\temp\jetd735.tmp". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\program files\yahoo!\messenger\profiles\conversed_by_megalomania\archive\messages\lindsay_sayzz\20060727-conversed_by_megalomania.dat". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\windows\system32\components\flx24.dll". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\windows\system32\components\flx23.dll". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\documents and settings\court\application data\mozilla\firefox\profiles\7jrlmz7k.default\parent.lock". The operation completed successfully
    1:28 AM: Warning: Failed to open file "c:\documents and settings\court\cookies\[email protected][1].txt". The operation completed successfully
    1:14 AM: C:\WINDOWS\temp\win7B.tmp.exe (ID = 319862)
    1:14 AM: C:\Documents and Settings\Court\Local Settings\Temporary Internet Files\Content.IE5\KZ0N2FGJ\srvsuq[1].exe (ID = 319862)
    1:13 AM: C:\WINDOWS\temp\win4E.tmp.exe (ID = 319862)
    1:13 AM: C:\Documents and Settings\Court\Local Settings\Temporary Internet Files\Content.IE5\CDYFO1EZ\srvscv[1].exe (ID = 319862)
    1:12 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:12 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:12 AM: Starting File Sweep
    1:12 AM: Warning: Failed to access drive A:
    1:12 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    1:12 AM: c:\documents and settings\court\cookies\[email protected][1].txt (ID = 2255)
    1:12 AM: Found Spy Cookie: atwola cookie
    1:12 AM: c:\documents and settings\court\cookies\[email protected][2].txt (ID = 2253)
    1:12 AM: Found Spy Cookie: atlas dmt cookie
    1:12 AM: Starting Cookie Sweep
    1:12 AM: Registry Sweep Complete, Elapsed Time:00:00:22
    1:12 AM: HKLM\software\classes\typelib\{5e05ea9f-1ea7-4d0b-a09b-d5e29ec758b9}\ (ID = 1538265)
    1:12 AM: HKCR\typelib\{5e05ea9f-1ea7-4d0b-a09b-d5e29ec758b9}\ (ID = 1538239)
    1:12 AM: Found Adware: spyware quake
    1:12 AM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1524342)
    1:12 AM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1513976)
    1:12 AM: Found Adware: security2k hijacker
    1:12 AM: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (ID = 1374139)
    1:12 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (ID = 1374138)
    1:12 AM: HKLM\software\classes\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (ID = 1374128)
    1:12 AM: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\ (ID = 1374116)
    1:11 AM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
    1:11 AM: Found Trojan Horse: trojan agent winlogonhook
    1:11 AM: Starting Registry Sweep
    1:11 AM: Memory Sweep Complete, Elapsed Time: 00:02:36
    1:11 AM: Detected running threat: C:\WINDOWS\temp\win4E.tmp.exe (ID = 319862)
    1:11 AM: Found Adware: system doctor 2006 fakealert
    1:09 AM: Starting Memory Sweep
    1:09 AM: C:\WINDOWS\system32\cbxuvtt.dll (ID = 1375012)
    1:09 AM: Warning: TVolume.Read: read past end of volume size: 0 reading cluster: 0
    1:09 AM: HKCR\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}\inprocserver32\ (ID = 1375012)
    1:09 AM: Found Trojan Horse: trojan-downloader-conhook
    1:09 AM: Sweep initiated using definitions version 728
    1:09 AM: Spy Sweeper 5.0.5.1286 started
    1:09 AM: | Start of Session, Friday, July 28, 2006 |
    ********
    1:43 AM: | End of Session, Friday, July 28, 2006 |
    1:43 AM: None
    1:43 AM: Traces Found: 0
    1:43 AM: Memory Sweep Complete, Elapsed Time: 00:00:21
    1:43 AM: Sweep Canceled
    1:43 AM: Starting Memory Sweep
    1:43 AM: Warning: TVolume.Read: read past end of volume size: 0 reading cluster: 0
    1:43 AM: Sweep initiated using definitions version 728
    1:43 AM: Spy Sweeper 5.0.5.1286 started
    1:43 AM: | Start of Session, Friday, July 28, 2006 |
    ********
    2:47 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:47 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:47 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:41 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:41 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:41 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:14 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:14 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:14 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:08 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:08 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:08 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    2:05 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    2:05 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    2:05 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    2:05 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    2:03 AM: Removal process completed. Elapsed time 00:00:13
    2:03 AM: Quarantining All Traces: security2k hijacker
    2:03 AM: Quarantining All Traces: trojan agent winlogonhook
    2:03 AM: Removal process initiated
    2:02 AM: Traces Found: 3
    2:02 AM: Full Sweep has completed. Elapsed time 00:19:01
    2:02 AM: File Sweep Complete, Elapsed Time: 00:16:13
    2:01 AM: Warning: Failed to access drive E:
    2:00 AM: Warning: Failed to open file "c:\windows\system32\components\flx23.dll". The operation completed successfully
    2:00 AM: Warning: Failed to open file "c:\windows\system32\components\flx22.dll". The operation completed successfully
    2:00 AM: Warning: Failed to open file "c:\documents and settings\court\local settings\temp\jeta75b.tmp". The operation completed successfully
    1:46 AM: Starting File Sweep
    1:46 AM: Warning: Failed to access drive A:
    1:46 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    1:46 AM: Starting Cookie Sweep
    1:46 AM: Registry Sweep Complete, Elapsed Time:00:00:30
    1:46 AM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1524342)
    1:46 AM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1513976)
    1:46 AM: Found Adware: security2k hijacker
    1:46 AM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
    1:46 AM: Found Trojan Horse: trojan agent winlogonhook
    1:46 AM: Starting Registry Sweep
    1:45 AM: Memory Sweep Complete, Elapsed Time: 00:02:10
    1:45 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:44 AM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    1:44 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:44 AM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    1:43 AM: Starting Memory Sweep
    1:43 AM: Warning: TVolume.Read: read past end of volume size: 0 reading cluster: 0
    1:43 AM: Sweep initiated using definitions version 728
    1:43 AM: Spy Sweeper 5.0.5.1286 started
    1:43 AM: | Start of Session, Friday, July 28, 2006 |
    ********
    1:08 AM: Automated check for program update in progress.
    12:29 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    12:29 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    12:29 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    12:05 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    12:05 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    12:05 AM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    11:48 PM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    11:48 PM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    11:48 PM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    11:48 PM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    11:22 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    11:22 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    11:22 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    10:58 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    10:58 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    10:58 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    10:12 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    10:12 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    10:12 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    9:48 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    9:48 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    9:48 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    9:48 PM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    9:48 PM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    9:48 PM: The Spy Communication shield has blocked access to: HERE4SEARCH.BIZ
    9:48 PM: The Spy Communication shield has blocked access to: SMART-SECURITY.BIZ
    9:47 PM: Removal process completed. Elapsed time 00:00:22
    9:47 PM: Quarantining All Traces: atwola cookie
    9:47 PM: Quarantining All Traces: atlas dmt cookie
    9:47 PM: Quarantining All Traces: advertising cookie
    9:47 PM: Quarantining All Traces: security2k hijacker
    9:47 PM: Quarantining All Traces: trojan agent winlogonhook
    9:47 PM: Removal process initiated
    9:38 PM: Traces Found: 6
    9:38 PM: Full Sweep has completed. Elapsed time 00:23:04
    9:38 PM: File Sweep Complete, Elapsed Time: 00:18:57
    9:36 PM: Warning: Failed to access drive E:
    9:34 PM: Warning: Failed to open file "c:\windows\system32\components\flx28.dll". The operation completed successfully
    9:34 PM: Warning: Failed to open file "c:\documents and settings\court\application data\mozilla\firefox\profiles\7jrlmz7k.default\parent.lock". The operation completed successfully
    9:34 PM: Warning: Failed to open file "c:\windows\system32\components\flx27.dll". The operation completed successfully
    9:34 PM: Warning: Failed to open file "c:\windows\system32\components\flx26.dll". The operation completed successfully
    9:34 PM: Warning: Failed to open file "c:\windows\system32\components\flx25.dll". The operation completed successfully
    9:34 PM: Warning: Failed to open file "c:\windows\system32\components\flx24.dll". The operation completed successfully
    9:34 PM: Warning: Failed to open file "c:\windows\system32\components\flx23.dll". The operation completed successfully
    9:34 PM: Warning: Failed to open file "c:\windows\system32\components\flx22.dll". The operation completed successfully
    9:34 PM: Warning: Failed to open file "c:\documents and settings\court\local settings\temp\jet8e9e.tmp". The operation completed successfully
    9:34 PM: Warning: Failed to open file "c:\documents and settings\court\cookies\[email protected][1].txt". The operation completed successfully
    9:20 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    9:19 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    9:19 PM: Spy Installation Shield: found: Adware: system doctor 2006 fakealert, version 1.0.0.0
    9:19 PM: Starting File Sweep
    9:19 PM: Warning: Failed to access drive A:
    9:19 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    9:19 PM: c:\documents and settings\court\cookies\[email protected][1].txt (ID = 2255)
    9:19 PM: Found Spy Cookie: atwola cookie
    9:19 PM: c:\documents and settings\court\cookies\[email protected][1].txt (ID = 2253)
    9:19 PM: Found Spy Cookie: atlas dmt cookie
    9:19 PM: c:\documents and settings\court\cookies\[email protected][2].txt (ID = 2175)
    9:19 PM: Found Spy Cookie: advertising cookie
    9:19 PM: Starting Cookie Sweep
    9:19 PM: Registry Sweep Complete, Elapsed Time:00:00:32
    9:19 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1524342)
    9:19 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1513976)
    9:19 PM: Found Adware: security2k hijacker
    9:19 PM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
    9:19 PM: Found Trojan Horse: trojan agent winlogonhook
    9:18 PM: Starting Registry Sweep
    9:18 PM: Memory Sweep Complete, Elapsed Time: 00:03:21
    9:15 PM: Starting Memory Sweep
    9:15 PM: Warning: TVolume.Read: read past end of volume size: 0 reading cluster: 0
    9:15 PM: Sweep initiated using definitions version 728
    9:15 PM: Spy Sweeper 5.0.5.1286 started
    9:15 PM: | Start of Session, Friday, July 28, 2006 |
    *******
     
  13. Zoo York

    Zoo York Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    24
    Hijack This! Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:30:07 AM, on 7/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ishost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
    C:\WINDOWS\system32\ismon.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\cool.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Documents and Settings\Court\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" /autorun
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    (The Hijack This! and Spy Sweeper logs were done with several browsers still up; the Hijack This! log is not the one I ran before I rebooted my computer.)
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    How much RAM do you have?
     
  15. Zoo York

    Zoo York Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    24
    512 MB of RAM.
     

Short URL to this thread: https://techguy.org/486755
