
Zlob: Virus or spyware?

Discussion in 'All Other Software' started by solofly, Jul 10, 2006.

  1. solofly

    solofly Thread Starter

    Joined:
    Jul 10, 2006
    Messages:
    6
    I have recently been infected by a Zlob virus and neither McAfee VirusScan nor Spybot Search and Destroy can get rid of it. I have visited other forums just to look at what others have done about it and it is fixable with "Hijack this software" but I couldn't make sense of what they were doing. I thought it would be best to have a tech guide me through this in language I can understand. What the virus is doing is telling me I have been infected with a virus and that I should download some shady virus protection software. So every time I click to log onto the internet, instead of going to my MSN homepage it goes to an address called syssecuritysite.com and gives me a false Microsoft Internet Explorer warning. Are you familiar with this?
     
  2. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,912
    You should get a better response in the Security Forum. Click on the red triangle at the top right of your post and ask a Moderator to move this to Security.
     
  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTsetup.exe:
    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5

    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    =============================

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We’ll get them next step.
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  4. solofly

    solofly Thread Starter

    Joined:
    Jul 10, 2006
    Messages:
    6
    Logfile of HijackThis v1.99.1
    Scan saved at 7:55:32 PM, on 7/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
    O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {EF98AF7B-1F54-4079-91BC-3996DEABA45A} (Sinstaller Class) - http://www.cursorcafe.com/app_cc/bin/cursorcafe.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\system32\vpxnk.dll (file missing)
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
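The helper reads the HijackThis log above by eye; the following is an added example (not code from the thread, from HijackThis, or from any of the tools it mentions) showing how the same first-pass triage can be scripted in Python over a few O-lines copied from that log. The flagging rules are my own heuristics: a registered component whose file is missing, a loadable component under a .tmp name in system32, an O21 ShellServiceObjectDelayLoad entry, and a Run value that is a bare filename. The `clsids` helper pulls every CLSID out of the log so it can be matched against other tools' output; the SSODL CLSID {210b4043-...} flagged here is the same one SmitfraudFix later lists under SharedTaskScheduler.

```python
"""Triage pass over HijackThis (HJT v1.99) log entries.

Added example; the flagging rules are my own heuristics for what a helper
checks first, not a feature of HijackThis or of the tools in the thread.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of O-lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\system32\vpxnk.dll (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""

ENTRY_RE = re.compile(r"^O(?P<section>\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
TMP_IN_SYSTEM32_RE = re.compile(r"\\system32\\[^\\\s]+\.tmp\b", re.I)


@dataclass
class Finding:
    section: int
    line: str
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Return one Finding per O-entry that trips at least one heuristic rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = int(m.group("section")), m.group("body")
        reasons = []
        if "(file missing)" in body:
            reasons.append("registered component whose file is gone")
        if TMP_IN_SYSTEM32_RE.search(body):
            reasons.append("loadable component under a .tmp name in system32")
        if section == 21:
            reasons.append("SSODL entry: loaded by Explorer at logon, rarely third-party")
        if section == 4 and "]" in body:
            # Text after the [name] is the command; a bare filename is resolved
            # through the search path, so confirm which file it actually is.
            target = body.split("]", 1)[1].strip().lstrip('"').split(" ")[0]
            if "\\" not in target:
                reasons.append("Run value is a bare filename resolved via the search path")
        if reasons:
            findings.append(Finding(section, raw.strip(), reasons))
    return findings


def clsids(log_text):
    """All CLSIDs in the log, lower-cased so they compare with other tools' output."""
    return {c.lower() for c in CLSID_RE.findall(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"O{f.section}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
    # Same CLSID that SmitfraudFix reports under SharedTaskScheduler.
    print("{210b4043-35ca-4aa0-8796-191f9663dfb3}" in clsids(SAMPLE_LOG))
```

On the sample, the Adobe BHO, the quoted MediaPipe Run entry and the PrismXL service pass all rules, the hp100.tmp BHO and the altmannsberger SSODL entry each trip two rules, and VTTimer.exe is flagged only as a bare filename to confirm. The rules deliberately favour recall over precision: a flag is a prompt to look, not a verdict.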
     
  5. solofly

    solofly Thread Starter

    Joined:
    Jul 10, 2006
    Messages:
    6
    SmitFraudFix v2.69

    Scan done at 20:15:54.51, Mon 07/10/2006
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\ld???.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.
    ===================

    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  7. solofly

    solofly Thread Starter

    Joined:
    Jul 10, 2006
    Messages:
    6
    Sorry I have been away for a while. Here's the info you wanted:


    SmitFraudFix v2.69

    Scan done at 11:25:01.10, Sat 07/15/2006
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\vpxnk.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\ld???.tmp Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\regperf.exe Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\1024\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
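A check worth doing once both SmitfraudFix reports are in hand is to reconcile them: every path the option #1 search marked FOUND should reappear as Deleted in the option #2 clean run, and the SharedTaskScheduler entry listed before cleaning should be absent afterwards. The Python below is an added example (not part of SmitfraudFix or of this thread) that does that comparison over excerpts of the two reports posted above. Paths are compared as literal strings, so the two wildcard names `ld???.tmp` and `ld????.tmp` from the search report are treated as distinct items; only the first is reported Deleted in the clean run, and the script surfaces the second as not reported deleted, which is the kind of gap to re-check with a fresh search run rather than assume either way.

```python
"""Reconcile a SmitfraudFix 'Search' (option 1) report against the 'Clean'
(option 2) report.  Added example, not SmitfraudFix code.  Paths are compared
as literal strings; SmitfraudFix itself uses ? wildcards in these names."""
import re

# Constructed excerpts of the two reports posted in this thread.
SEARCH_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\ld???.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"
"""

CLEAN_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
C:\WINDOWS\system32\vpxnk.dll -> Missing File

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\ld???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

HEADER_RE = re.compile(r"^»+\s*(?P<name>.+?)\s*$")
STS_ENTRY_RE = re.compile(r'^"[^"]+"="\{[0-9a-f-]+\}"$', re.I)


def sections(report):
    """Map each '»»» name' header to the non-blank lines beneath it."""
    out, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name")
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(line)
    return out


def lines_with_suffix(report, suffix):
    """Paths of every line (in any section) ending with the given status word."""
    return {ln[: -len(suffix)] for sec in sections(report).values()
            for ln in sec if ln.endswith(suffix)}


def found_items(report):
    return lines_with_suffix(report, " FOUND !")


def deleted_items(report):
    return lines_with_suffix(report, " Deleted")


def missing_files(report):
    return lines_with_suffix(report, " -> Missing File")


def sts_entries(report, section_name):
    """SharedTaskScheduler "name"="{clsid}" values listed under one section."""
    return {ln for ln in sections(report).get(section_name, []) if STS_ENTRY_RE.match(ln)}


def reconcile(search_report, clean_report):
    found, deleted = found_items(search_report), deleted_items(clean_report)
    before = sts_entries(clean_report, "Before SmitFraudFix")
    after = sts_entries(clean_report, "After SmitFraudFix")
    return {
        "not_deleted": found - deleted,      # found by the search, no Deleted line
        "unexpected": deleted - found,       # deleted but never reported found
        "missing_files": missing_files(clean_report),
        "sts_removed": before - after,
        "sts_remaining": after,
    }


if __name__ == "__main__":
    for key, value in reconcile(SEARCH_REPORT, CLEAN_REPORT).items():
        print(f"{key}: {sorted(value)}")
```

Running it on the excerpts reports `ld????.tmp` under `not_deleted`, nothing unexpected, `vpxnk.dll` as the file the Generic Renos fix found already missing, and the altmannsberger entry as removed with nothing remaining in the after-snapshot. The helper's follow-up request for a fresh HijackThis log is the manual form of the same check.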
     
  8. solofly

    solofly Thread Starter

    Joined:
    Jul 10, 2006
    Messages:
    6
    1:25 PM: Removal process completed. Elapsed time 00:04:30
    1:23 PM: Quarantining All Traces: zedo cookie
    1:23 PM: Quarantining All Traces: adserver cookie
    1:23 PM: Quarantining All Traces: burstbeacon cookie
    1:23 PM: Quarantining All Traces: tripod cookie
    1:23 PM: Quarantining All Traces: tribalfusion cookie
    1:23 PM: Quarantining All Traces: trafficmp cookie
    1:23 PM: Quarantining All Traces: tacoda cookie
    1:23 PM: Quarantining All Traces: statcounter cookie
    1:23 PM: Quarantining All Traces: realmedia cookie
    1:23 PM: Quarantining All Traces: questionmarket cookie
    1:23 PM: Quarantining All Traces: partypoker cookie
    1:23 PM: Quarantining All Traces: mediaplex cookie
    1:23 PM: Quarantining All Traces: fastclick cookie
    1:23 PM: Quarantining All Traces: sextracker cookie
    1:23 PM: Quarantining All Traces: hitslink cookie
    1:23 PM: Quarantining All Traces: ccbill cookie
    1:23 PM: Quarantining All Traces: casalemedia cookie
    1:23 PM: Quarantining All Traces: burstnet cookie
    1:23 PM: Quarantining All Traces: bluestreak cookie
    1:23 PM: Quarantining All Traces: atlas dmt cookie
    1:23 PM: Quarantining All Traces: ask cookie
    1:23 PM: Quarantining All Traces: advertising cookie
    1:23 PM: Quarantining All Traces: adtech cookie
    1:23 PM: Quarantining All Traces: pointroll cookie
    1:23 PM: Quarantining All Traces: addynamix cookie
    1:23 PM: Quarantining All Traces: adrevolver cookie
    1:23 PM: Quarantining All Traces: specificclick.com cookie
    1:23 PM: Quarantining All Traces: yieldmanager cookie
    1:23 PM: Quarantining All Traces: about cookie
    1:23 PM: Quarantining All Traces: websponsors cookie
    1:23 PM: Quarantining All Traces: 2o7.net cookie
    1:23 PM: Quarantining All Traces: security toolbar
    1:23 PM: Quarantining All Traces: networkessentials
    1:23 PM: Quarantining All Traces: instafinder
    1:23 PM: Quarantining All Traces: topsearch
    1:22 PM: Quarantining All Traces: rx toolbar
    1:22 PM: Quarantining All Traces: bullguard popup ad
    1:22 PM: Quarantining All Traces: mediapipe
    1:22 PM: Quarantining All Traces: starware cursorcafe
    1:22 PM: Quarantining All Traces: comet systems
    1:22 PM: Quarantining All Traces: altnet
    1:22 PM: Quarantining All Traces: starware toolbar
    1:22 PM: Quarantining All Traces: p2pnetwork
    1:21 PM: Quarantining All Traces: security2k hijacker
    1:21 PM: Removal process initiated
    1:16 PM: Traces Found: 187
    1:16 PM: Full Sweep has completed. Elapsed time 00:18:56
    1:16 PM: File Sweep Complete, Elapsed Time: 00:15:24
    1:13 PM: C:\WINDOWS\Temp\Altnet\pmexe.cab (ID = 49861)
    1:13 PM: C:\WINDOWS\Temp\Altnet\dmfiles.cab (ID = 49865)
    1:13 PM: Warning: Could not find a spy with ID "0"
    1:13 PM: C:\WINDOWS\Temp\Altnet\pmfiles.cab (ID = 49859)
    1:12 PM: Warning: Failed to access drive I:
    1:12 PM: Warning: Failed to access drive H:
    1:12 PM: Warning: Failed to access drive G:
    1:12 PM: Warning: Failed to access drive F:
    1:12 PM: Warning: Failed to access drive E:
    1:10 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP196\A0010960.bat (ID = 202688)
    1:10 PM: Found Adware: security toolbar
    1:10 PM: C:\Program Files\DownloadManager\DownloadManager.ini (ID = 162695)
    1:10 PM: c:\windows\downloaded program files\cursorcafe.inf (ID = 137348)
    1:09 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\system32\hp100.tmp.vir". "c:\windows\system32\hp100.tmp.vir": File not found
    1:08 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP194\A0010747.exe (ID = 63654)
    1:08 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007375.dll (ID = 165630)
    1:07 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007395.dll (ID = 243450)
    1:07 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007394.dll (ID = 243437)
    1:07 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007328.exe (ID = 49862)
    1:07 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007334.exe (ID = 277546)
    1:07 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007345.dll (ID = 137347)
    1:07 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007346.dll (ID = 137343)
    1:07 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007326.dll (ID = 243437)
    1:07 PM: C:\WINDOWS\Temp\BullGuard\bulldownload.exe (ID = 52017)
    1:07 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007331.Manifest (ID = 49859)
    1:07 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007383.exe (ID = 49862)
    1:07 PM: C:\WINDOWS\Temp\Altnet\pmexe.cab (ID = 49854)
    1:07 PM: C:\WINDOWS\Temp\Altnet\admdloader.dll (ID = 49786)
    1:06 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007379.exe (ID = 49793)
    1:06 PM: C:\WINDOWS\Temp\Altnet\adm.exe (ID = 111765)
    1:06 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007316.dll (ID = 250397)
    1:06 PM: C:\WINDOWS\Temp\Altnet\adm4.dll (ID = 49779)
    1:06 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007372.dll (ID = 165627)
    1:06 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007374.exe (ID = 111765)
    1:06 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007378.dll (ID = 165633)
    1:06 PM: C:\WINDOWS\Temp\Altnet\dmfiles.cab (ID = 49818)
    1:06 PM: C:\WINDOWS\Temp\Altnet\dminstall7.cab (ID = 49829)
    1:06 PM: C:\WINDOWS\Temp\Altnet\pminstall.cab (ID = 49857)
    1:06 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007399.exe (ID = 243448)
    1:06 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007405.exe (ID = 162703)
    1:06 PM: C:\WINDOWS\Temp\Altnet\pmfiles.cab (ID = 49856)
    1:06 PM: C:\WINDOWS\Temp\Altnet\admprog.dll (ID = 49790)
    1:05 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007329.exe (ID = 49803)
    1:05 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007366.Manifest (ID = 49859)
    1:05 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007380.exe (ID = 49803)
    1:05 PM: C:\Program Files\DownloadManager\insdl.dll (ID = 71040)
    1:05 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007367.dll (ID = 49878)
    1:05 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007344.exe (ID = 137345)
    1:05 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007373.dll (ID = 165628)
    1:04 PM: C:\WINDOWS\Temp\Altnet\adm25.dll (ID = 49782)
    1:04 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007376.dll (ID = 165631)
    1:04 PM: C:\WINDOWS\Temp\Altnet\Setup.exe (ID = 49875)
    1:03 PM: C:\WINDOWS\Temp\Altnet\DMinfo3.cab (ID = 49824)
    1:03 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007347.exe (ID = 137970)
    1:03 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007369.exe (ID = 165635)
    1:03 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007377.dll (ID = 165632)
    1:03 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007332.dll (ID = 49878)
    1:03 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP137\A0007324.exe (ID = 63654)
    1:03 PM: C:\Program Files\MediaPipe\register.dll (ID = 71040)
    1:03 PM: Found Adware: networkessentials
    1:03 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP196\A0010972.dll (ID = 165717)
    1:03 PM: Found Adware: instafinder
    1:02 PM: C:\WINDOWS\Temp\Altnet\admfdi.dll (ID = 49789)
    1:02 PM: C:\WINDOWS\Temp\Altnet\admdata.dll (ID = 49784)
    1:02 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007381.dll (ID = 165637)
    1:02 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP138\A0007357.dll (ID = 250397)
    1:02 PM: Found Adware: topsearch
    1:01 PM: C:\Program Files\RXToolBar (ID = 2147490879)
    1:01 PM: Found Adware: rx toolbar
    1:01 PM: C:\WINDOWS\Temp\Altnet (18 subtraces) (ID = 2147485861)
    1:01 PM: C:\WINDOWS\Temp\BullGuard (1 subtraces) (ID = 2147490887)
    1:01 PM: Found Adware: bullguard popup ad
    1:01 PM: C:\Program Files\MediaPipe (4 subtraces) (ID = 2147497176)
    1:01 PM: C:\My AccessMedia (1 subtraces) (ID = 2147498114)
    1:01 PM: Starting File Sweep
    1:01 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3762)
    1:01 PM: Found Spy Cookie: zedo cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2142)
    1:01 PM: Found Spy Cookie: adserver cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2337)
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2335)
    1:01 PM: Found Spy Cookie: burstbeacon cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3591)
    1:01 PM: Found Spy Cookie: tripod cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3589)
    1:01 PM: Found Spy Cookie: tribalfusion cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3581)
    1:01 PM: Found Spy Cookie: trafficmp cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6444)
    1:01 PM: Found Spy Cookie: tacoda cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3447)
    1:01 PM: Found Spy Cookie: statcounter cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3361)
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3235)
    1:01 PM: Found Spy Cookie: realmedia cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3217)
    1:01 PM: Found Spy Cookie: questionmarket cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3111)
    1:01 PM: Found Spy Cookie: partypoker cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 1958)
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 1958)
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6442)
    1:01 PM: Found Spy Cookie: mediaplex cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2652)
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2089)
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2651)
    1:01 PM: Found Spy Cookie: fastclick cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2038)
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 1958)
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3362)
    1:01 PM: Found Spy Cookie: sextracker cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2790)
    1:01 PM: Found Spy Cookie: hitslink cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2369)
    1:01 PM: Found Spy Cookie: ccbill cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2354)
    1:01 PM: Found Spy Cookie: casalemedia cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2336)
    1:01 PM: Found Spy Cookie: burstnet cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2314)
    1:01 PM: Found Spy Cookie: bluestreak cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2253)
    1:01 PM: Found Spy Cookie: atlas dmt cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2245)
    1:01 PM: Found Spy Cookie: ask cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2175)
    1:01 PM: Found Spy Cookie: advertising cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2155)
    1:01 PM: Found Spy Cookie: adtech cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3148)
    1:01 PM: Found Spy Cookie: pointroll cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2062)
    1:01 PM: Found Spy Cookie: addynamix cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2088)
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2088)
    1:01 PM: Found Spy Cookie: adrevolver cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3400)
    1:01 PM: Found Spy Cookie: specificclick.com cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3751)
    1:01 PM: Found Spy Cookie: yieldmanager cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2037)
    1:01 PM: Found Spy Cookie: about cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3665)
    1:01 PM: Found Spy Cookie: websponsors cookie
    1:01 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 1957)
    1:01 PM: Found Spy Cookie: 2o7.net cookie
    1:01 PM: Starting Cookie Sweep
    1:01 PM: Registry Sweep Complete, Elapsed Time:00:00:31
    1:01 PM: HKU\S-1-5-21-3260517127-4111241513-634508805-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
    1:01 PM: HKU\S-1-5-21-3260517127-4111241513-634508805-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
    1:01 PM: Found Adware: starware toolbar
    1:01 PM: HKLM\software\microsoft\code store database\distribution units\{ef98af7b-1f54-4079-91bc-3996deaba45a}\ (ID = 1022713)
    1:01 PM: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ || c:\program files\p2pnetworks\p2pnetworks.exe (ID = 871570)
    1:01 PM: HKLM\software\microsoft\windows\currentversion\uninstall\mediapipe\ (ID = 867153)
    1:01 PM: HKLM\software\microsoft\windows\currentversion\run\ || mediapipe p2p loader (ID = 867145)
    1:01 PM: HKLM\software\classes\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 867115)
    1:01 PM: HKLM\software\classes\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (ID = 867095)
    1:01 PM: HKLM\software\classes\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (ID = 867075)
    1:01 PM: HKLM\software\classes\typelib\{45c2360e-bfdf-439b-a3ea-65e8383f9353}\ (ID = 867065)
    1:01 PM: HKLM\software\classes\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (ID = 867026)
    1:01 PM: HKLM\software\classes\clsid\{48bb16aa-3f6c-4b28-9884-1fcec1c5da65}\ (ID = 867002)
    1:01 PM: HKLM\software\classes\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (ID = 866985)
    1:01 PM: HKLM\software\classes\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 866983)
    1:01 PM: HKLM\software\classes\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (ID = 866981)
    1:01 PM: HKLM\software\classes\appid\{9236268d-8b29-49e5-96d9-daf5fe76941c}\ (ID = 866979)
    1:01 PM: HKLM\software\classes\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (ID = 866973)
    1:01 PM: HKLM\software\classes\appid\trayicon.exe\ (ID = 866971)
    1:01 PM: HKLM\software\classes\appid\mpagent.dll\ (ID = 866967)
    1:01 PM: HKLM\software\classes\appid\mediapipe.exe\ (ID = 866965)
    1:01 PM: HKLM\software\classes\appid\downloadmanager.exe\ (ID = 866963)
    1:01 PM: HKLM\software\classes\mpagent.agent.1\ (ID = 866947)
    1:01 PM: HKLM\software\classes\mpagent.agent\ (ID = 866941)
    1:01 PM: HKLM\software\classes\mediapipe.gui.1\ (ID = 866937)
    1:01 PM: HKLM\software\classes\mediapipe.gui\ (ID = 866931)
    1:01 PM: HKLM\software\classes\downloadmanager.manager.1\ (ID = 866927)
    1:01 PM: HKLM\software\classes\downloadmanager.manager\ (ID = 866921)
    1:01 PM: HKLM\software\mediapipe\ (ID = 866893)
    1:01 PM: HKCR\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 866836)
    1:01 PM: HKCR\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (ID = 866816)
    1:01 PM: HKCR\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (ID = 866796)
    1:01 PM: HKCR\typelib\{45c2360e-bfdf-439b-a3ea-65e8383f9353}\ (ID = 866786)
    1:01 PM: HKCR\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (ID = 866747)
    1:01 PM: Found Trojan Horse: p2pnetwork
    1:01 PM: HKCR\clsid\{48bb16aa-3f6c-4b28-9884-1fcec1c5da65}\ (ID = 866723)
    1:01 PM: HKCR\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (ID = 866706)
    1:01 PM: HKCR\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (ID = 866704)
    1:01 PM: HKCR\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (ID = 866702)
    1:01 PM: HKCR\appid\{9236268d-8b29-49e5-96d9-daf5fe76941c}\ (ID = 866700)
    1:01 PM: HKCR\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (ID = 866694)
    1:01 PM: HKCR\appid\trayicon.exe\ (ID = 866692)
    1:01 PM: HKCR\appid\mpagent.dll\ (ID = 866688)
    1:01 PM: HKCR\appid\mediapipe.exe\ (ID = 866686)
    1:01 PM: HKCR\appid\downloadmanager.exe\ (ID = 866684)
    1:01 PM: HKCR\mpagent.agent.1\ (ID = 866668)
    1:01 PM: HKCR\mpagent.agent\ (ID = 866662)
    1:01 PM: HKCR\mediapipe.gui.1\ (ID = 866658)
    1:01 PM: HKCR\mediapipe.gui\ (ID = 866652)
    1:01 PM: HKCR\downloadmanager.manager.1\ (ID = 866648)
    1:01 PM: HKCR\downloadmanager.manager\ (ID = 866642)
    1:01 PM: Found Adware: mediapipe
    1:01 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
    1:01 PM: Found Adware: security2k hijacker
    1:01 PM: HKLM\software\classes\clsid\{ef98af7b-1f54-4079-91bc-3996deaba45a}\ (ID = 726877)
    1:01 PM: HKLM\software\classes\clsid\{d099baaa-a587-4dfb-9b7e-f7ea0fc04355}\ (ID = 726862)
    1:01 PM: HKLM\software\classes\clsid\{009506e8-8cad-4ca9-81d4-d815e7e4330a}\ (ID = 726847)
    1:01 PM: HKLM\software\cursorcafe\ (ID = 726812)
    1:01 PM: HKCR\clsid\{ef98af7b-1f54-4079-91bc-3996deaba45a}\ (ID = 726777)
    1:01 PM: HKCR\clsid\{d099baaa-a587-4dfb-9b7e-f7ea0fc04355}\ (ID = 726762)
    1:01 PM: HKCR\clsid\{009506e8-8cad-4ca9-81d4-d815e7e4330a}\ (ID = 726747)
    1:01 PM: Found Adware: starware cursorcafe
    1:01 PM: HKLM\software\screensavers.com\ (ID = 140569)
    1:01 PM: Found Adware: comet systems
    1:00 PM: HKLM\software\classes\appid\altnet signing module.exe\ (ID = 103489)
    1:00 PM: HKLM\software\classes\appid\adm.exe\ (ID = 103488)
    1:00 PM: HKCR\appid\altnet signing module.exe\ (ID = 103449)
    1:00 PM: HKCR\appid\adm.exe\ (ID = 103448)
    1:00 PM: Found Adware: altnet
    1:00 PM: Starting Registry Sweep
    1:00 PM: Memory Sweep Complete, Elapsed Time: 00:02:47
    12:58 PM: Starting Memory Sweep
    12:58 PM: Sweep initiated using definitions version 719
    12:58 PM: Spy Sweeper 5.0.5.1286 started
    12:58 PM: | Start of Session, Saturday, July 15, 2006 |
    ********
    12:58 PM: | End of Session, Saturday, July 15, 2006 |
    12:56 PM: None
    12:56 PM: Traces Found: 0
    12:56 PM: Memory Sweep Complete, Elapsed Time: 00:01:17
    12:56 PM: Sweep Canceled
    12:55 PM: Starting Memory Sweep
    12:55 PM: Sweep initiated using definitions version 719
    12:55 PM: Spy Sweeper 5.0.5.1286 started
    12:55 PM: | Start of Session, Saturday, July 15, 2006 |
    ********
    12:55 PM: | End of Session, Saturday, July 15, 2006 |
    12:52 PM: Your spyware definitions have been updated.
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\MCSHIELD.EXE
    12:52 PM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    12:48 PM: Shield States
    12:48 PM: Spyware Definitions: 691
    12:48 PM: Spy Sweeper 5.0.5.1286 started
    Operation: Terminate
    Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
    Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
    12:46 PM: Tamper Detection
    Operation: Terminate
    Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
    Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
    12:46 PM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    12:28 PM: Shield States
    12:28 PM: Spyware Definitions: 691
    12:28 PM: Spy Sweeper 5.0.5.1286 started
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    12:00 PM: Shield States
    11:59 AM: Spyware Definitions: 691
    11:59 AM: Spy Sweeper 5.0.5.1286 started
    11:59 AM: Spy Sweeper 5.0.5.1286 started
    11:59 AM: | Start of Session, Saturday, July 15, 2006 |
    ********
     
  9. solofly

    solofly Thread Starter

    Joined:
    Jul 10, 2006
    Messages:
    6
    Logfile of HijackThis v1.99.1
    Scan saved at 1:32:35 PM, on 7/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AudioDeck] "C:\Program Files\VIAudioi\SBADeck\ADeck.exe" 1
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
    O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
Short URL to this thread: https://techguy.org/481928
