Messages - Mrs_Music

1
Tech Clinic / PC running extra slow again!
« on: July 04, 2007, 10:50:34 PM »
Can someone please help me? :)

Logfile of HijackThis v1.99.1
Scan saved at 11:11:59 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44495658-0000-0010-8000-00AA00389B71} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135972823515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

2
Tech Clinic / My pc is running super slow!
« on: September 22, 2006, 12:39:15 AM »
[quote name='guestolo' post='205621' date='Sep 21 2006, 11:27 PM']How are things running?
We can disable quicktime and realplayer updates from running on startup
Let me know if you would like to try that

Sorry about AOL, I'll search around, I've never had it installed
Much like a bad program I wish I never installed :D

I would never use it unless they changed their practices[/quote]

Things are running better and I would love to disable the quicktime and realplayer. Yeah, AOL sucks and I want to uninstall it soooo bad but my mom is stuck in the stone age.

3
Tech Clinic / My pc is running super slow!
« on: September 21, 2006, 12:10:02 AM »
Yes, I do use AOL software but it's a pain in the ass. I only have it because my mom still uses dial up at home but when I'm at school we're on the high speed. I hate when it interrupts my other browsers with the AOL is the "default" browser crap. Is there any way I can make it stop doing that without deleting it? Here's my log.

Logfile of HijackThis v1.99.1
Scan saved at 12:05:52 AM, on 9/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1135391434\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe
C:\Program Files\America Online 9.0\shellmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135391434\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135972823515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

4
Tech Clinic / My pc is running super slow!
« on: September 20, 2006, 05:08:00 PM »
[quote name='guestolo' post='204559' date='Sep 20 2006, 04:41 PM']What version of McAfee did you have installed?
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents[/quote]

I don't know what version I had so I hope this helps.

AC3Filter (remove only)
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AviSynth 2.5
Broadcom Advanced Control Suite
Cisco Clean Access Agent
CleanUp!
Codec Pack - All In 1 6.0.2.8
Conexant SmartHSFi V92 56K DF PCI Modem
Dell ResourceCD
Digital Line Detect
DivX
DivX Player
Easy CD Creator 5 Basic
ewido anti-malware
FL Studio 5
FLV Player 1.3.3
Free Internet TV v4.5
Google Toolbar for Internet Explorer
Google Video Player
HijackThis 1.99.1
Hotfix for Windows XP (KB893357)
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
Intel® Extreme Graphics Driver
iPod for Windows 2005-06-26
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (1.5.0.7)
Personal License Update Wizard for Windows Media Player
Plaxo Toolbar for Outlook and Outlook Express
PSP Video 9 1.74
PSP Video Express(remove only)
Pure Networks Port Magic
QuickTime
QuickTime Alternative 1.67
RealPlayer
Rhapsody
SAMSUNG Mobile USB Modem 1.0 Software
SBC Yahoo! Applications
Screwlab
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
SoundCapture
SoundMAX
Spybot - Search & Destroy 1.4
Symantec AntiVirus
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
URGE
VideoLAN VLC media player 0.8.2
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WordPerfect Office 11
Yahoo! Central
Zwei-Stein Video Compositor 3.01 (Beta 2).

5
Tech Clinic / My pc is running super slow!
« on: September 20, 2006, 04:08:09 PM »
[quote name='guestolo' post='204332' date='Sep 20 2006, 01:20 PM']When did the slowness start, what did you install before it slowed down?
When was the last time you cleared temp files and ran a Disk Defragment?

I do see remnants of McAfee installed on the computer?
Did you uninstall all of it from add/remove programs
More than one AV can cause slowdowns
What version of McAfee did you have installed?[/quote]

The slowness started about this time last week and the only thing I've installed since last week was firefox.
The last time I cleared temp files or ran a Disk Defragment was in July of this year I think.
I'm not sure what version it was. I just know it came with my Dell pc.

6
Tech Clinic / My pc is running super slow!
« on: September 20, 2006, 01:04:10 PM »
Please help me :(
Here's my hijack log


Logfile of HijackThis v1.99.1
Scan saved at 1:02:00 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1135391434\ee\AOLSoftware.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\DllHost.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135391434\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135972823515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

7
Tech Clinic / My PC is running slooooooow
« on: March 28, 2006, 12:05:00 PM »
Yeah, I just had to delete one of the virus protections because I had two running together and they weren't agreeing. It's running a lot better now. I don't think I've ever done a Disk Defragment.


Oh, I'll definitely donate to help your fight against malware!!

8
Tech Clinic / My PC is running slooooooow
« on: March 24, 2006, 01:31:45 AM »
I would really appreciate your help again :)

Here's my hijack this log




Logfile of HijackThis v1.99.1
Scan saved at 12:29:13 AM, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\common files\aol\1135391434\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\AOL\1135391434\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\mcafee.com\personal firewall\MPFTray.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
c:\program files\common files\aol\1135391434\ee\aim6.exe
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\AOL\1135391434\ee\aolsoftware.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
c:\program files\common files\aol\1135391434\ee\aexplore.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135391434\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1135391434\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1135391434\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\RunOnce: [Run IPH] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\RunOnce: [0145651143078688mcinstcleanup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mcvsinst\014565~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - HKLM\..\RunOnce: [0148721143078782mcinstcleanup] C:\PROGRA~1\mcafee.com\mpfpinst\014872~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135972823515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1135391434\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

9
Tech Clinic / Spy Sherrif
« on: January 03, 2006, 03:39:30 PM »
Done! Thanks for all your help!! :D

10
Tech Clinic / Spy Sherrif
« on: December 31, 2005, 03:19:56 AM »
[quote name='guestolo' post='79345' date='Dec 31 2005, 12:09 AM']Can you do the following please

Start Killbox
Click on Tools in the menu bar and then click "Delete Temp Files"
In the Full path to file to delete, copy and paste the next line in bold

C:\WINDOWS\SYSTEM32\msupdate32.dll

Select the radio button to "Delete File on Reboot"
Additionally select "Unregister .dll before deleting"

Click the Red Circle with the White X

OK the prompts to delete on reboot and allow the computer to reboot
If the computer doesn't reboot, please do so manually

Back in Windows
Make sure that msupdate32.dll is gone

Let me know how everything's running

Please, make sure you take advantage of the exchange program if you want to play the CD's on your computer
That way you get to download the MP3's almost immediately, you just have to wait for your new CD's[/quote]

msupdate32.dll is gone and everything seems to be back to normal. I will most definitely be taking advantage of the exchange program. Thanks for all your help, I really appreciate it :)

11
Tech Clinic / Spy Sherrif
« on: December 31, 2005, 12:45:39 AM »
I won't be using those CDs in my PC anymore!

Here are the results...

File:  msupdate32.dll  
Status:  INFECTED/MALWARE  
MD5  04c5bb461bdcb47ffdfe3b1dcae542a8  
Packers detected:  -
Scanner results  
AntiVir  Found nothing
ArcaVir  Found Trojan.Delf.Ald  
Avast  Found Win32:Trojano-2997  
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found Trojan.Proxy.636  
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found Backdoor.Win32.Delf.ald  
NOD32  Found nothing
Norman Virus Control  Found W32/DLoader.NUJ  
UNA  Found nothing
VBA32  Found nothing

12
Tech Clinic / Spy Sherrif
« on: December 30, 2005, 04:43:19 PM »
Thanks for info!!
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 3:39:44 PM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\COMMON~1\AOL\113539~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\113539~1\EE\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: B-H toolbar - {00b8fd76-519d-4889-95b3-d55dce8f003d} - C:\Program Files\B-H\tbB-H.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135391434\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135972823515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


L2MFIX
L2MFIX find log 121605
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
   browseui.dll   Wed Nov 23 2005   7:06:34p  A....      1,022,464   998.50 K
   cdfview.dll    Thu Oct 20 2005   9:39:26p  A....        151,040   147.50 K
   danim.dll      Fri Nov  4 2005   9:16:24p  A....      1,054,208     1.00 M
   dpl100.dll     Thu Oct 27 2005   1:37:46p  A....         86,016    84.00 K
   dpu10.dll      Thu Oct 27 2005   1:37:44p  A....        294,912   288.00 K
   dpu11.dll      Thu Oct 27 2005   1:37:44p  A....        294,912   288.00 K
   dpugui10.dll   Thu Oct 27 2005   1:37:48p  A....         53,248    52.00 K
   dpugui11.dll   Thu Oct 27 2005   1:37:46p  A....        593,920   580.00 K
   dpus11.dll     Thu Oct 27 2005   1:37:44p  A....        339,968   332.00 K
   dpv11.dll      Thu Oct 27 2005   1:37:44p  A....         57,344    56.00 K
   dtu100.dll     Thu Oct 27 2005   1:37:44p  A....        200,704   196.00 K
   dxtrans.dll    Thu Oct 20 2005   9:39:28p  A....        205,312   200.50 K
   esent.dll      Thu Oct 20 2005   4:20:04p  A....      1,082,368     1.03 M
   extmgr.dll     Thu Oct 20 2005   9:39:28p  .....         55,808    54.50 K
   gdi32.dll      Wed Oct  5 2005   9:09:36p  A....        280,064   273.50 K
   iepeers.dll    Thu Oct 20 2005   9:39:28p  A....        251,392   245.50 K
   inseng.dll     Thu Oct 20 2005   9:39:28p  A....         96,256    94.00 K
   islzma.dll     Fri Oct 21 2005   3:50:14p  A....        102,912   100.50 K
   mshtml.dll     Wed Nov 23 2005   7:06:34p  A....      3,015,680     2.88 M
   mshtmled.dll   Thu Oct 20 2005   9:39:30p  A....        448,512   438.00 K
   msrating.dll   Thu Oct 20 2005   9:39:30p  A....        146,432   143.00 K
   mstime.dll     Thu Oct 20 2005   9:39:30p  A....        530,944   518.50 K
   msupda~1.dll   Fri Dec 23 2005   8:46:28p  .....         36,864    36.00 K
   pngfilt.dll    Thu Oct 20 2005   9:39:30p  A....         39,424    38.50 K
   shdocvw.dll    Wed Nov 30 2005   9:59:30p  A....      1,492,480     1.42 M
   shlwapi.dll    Thu Oct 20 2005   9:39:30p  A....        473,600   462.50 K
   spmsg.dll      Wed Oct 12 2005   5:12:26p  .....         14,048    13.72 K
   urlmon.dll     Fri Nov  4 2005   9:16:28p  A....        609,280   595.00 K
   wininet.dll    Thu Oct 20 2005   9:39:30p  A....        658,432   643.00 K
   wrlogo~1.dll   Mon Oct 24 2005  12:20:36p  A....        492,544   481.00 K
   wrlzma.dll     Mon Oct 24 2005  12:20:32p  A....         17,920    17.50 K

31 items found:  31 files, 0 directories.
   Total of file sizes:  14,199,008 bytes     13.54 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
 Volume in drive C has no label.
 Volume Serial Number is FC8B-72C2

 Directory of C:\WINDOWS\System32

12/30/2005  03:38 PM    <DIR>          dllcache
06/21/2004  06:10 PM    <DIR>          Microsoft
               0 File(s)              0 bytes
               2 Dir(s)  10,811,641,856 bytes free

13
Tech Clinic / Spy Sherrif
« on: December 27, 2005, 01:41:10 AM »
Qoologic

Find Qoologic last edited 11/28/2005
Running from
C:\Documents and Settings\Administrator\Desktop\Find-Qoologic
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»» Search by size and name»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»
.....
.....
SteelWerX Registry Console Tool RC-2
Written by Bobbi Flekman
.....
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu]
@="{BDA77241-42F6-11d0-85E2-00AA001FE28C}"

[-HKEY_CLASSES_ROOT\CLSID\{incert csdl here}]
[-HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebNexus]
.....
.....
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
.....
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}]



L2mfix

L2mfix Beta 121605
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.

Checking for L2MFix account(0=no 1=yes):
1
 Granting SeDebugPrivilege to L2MFIX   ... successful
 
Running From:
C:\WINDOWS\system32
 
Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 420 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 684 'winlogon.exe'
Killing PID 684 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 524 'explorer.exe'
Killing PID 524 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
 Granting SeDebugPrivilege to Administrators   ... successful
 Granting SeDebugPrivilege to Administrateurs   ... failed (GetAccountSid(Administrateurs)=1332
 Granting SeDebugPrivilege to Administratörer   ... failed (GetAccountSid(Administratörer)=1332
 Granting SeDebugPrivilege to Administradores   ... failed (GetAccountSid(Administradores)=1332
 Granting SeDebugPrivilege to Amministratore   ... failed (GetAccountSid(Amministratore)=1332
 Granting SeDebugPrivilege to Administratoren   ... failed (GetAccountSid(Administratoren)=1332
 
Scanning First Pass. Please Wait!
 
First Pass Completed
 
Second Pass Scanning
 
Second pass Completed!
 
 
 
Restoring Windows Update Certificates.:
 
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

 
The following are the files found:
****************************************************************************
 
Registry Entries that were Deleted:
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A97B1750-D844-46E6-A4D7-3804EB6214FB}]

[HKEY_CLASSES_ROOT\CLSID\{A97B1750-D844-46E6-A4D7-3804EB6214FB}\InprocServer32]

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{19ED0577-73C1-4F56-BE1C-1CEE029CB1C5}]

[HKEY_CLASSES_ROOT\CLSID\{19ED0577-73C1-4F56-BE1C-1CEE029CB1C5}\InprocServer32]

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A0906CB6-C457-4264-A6B0-D324960078EA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A0906CB6-C457-4264-A6B0-D324960078EA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A0906CB6-C457-4264-A6B0-D324960078EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A0906CB6-C457-4264-A6B0-D324960078EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{33042924-C3A0-42EA-9E42-8D0795F0DF63}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33042924-C3A0-42EA-9E42-8D0795F0DF63}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33042924-C3A0-42EA-9E42-8D0795F0DF63}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33042924-C3A0-42EA-9E42-8D0795F0DF63}\InprocServer32]
@="C:\\WINDOWS\\system32\\nldll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{31E430B5-10C3-40C8-A1CB-18C94B3DD3A5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31E430B5-10C3-40C8-A1CB-18C94B3DD3A5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31E430B5-10C3-40C8-A1CB-18C94B3DD3A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{31E430B5-10C3-40C8-A1CB-18C94B3DD3A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FE2E1812-471E-445F-AD57-CB98B00224B3}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{FE2E1812-471E-445F-AD57-CB98B00224B3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FE2E1812-471E-445F-AD57-CB98B00224B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FE2E1812-471E-445F-AD57-CB98B00224B3}\InprocServer32]
@="C:\\WINDOWS\\system32\\mfacm32.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A97B1750-D844-46E6-A4D7-3804EB6214FB}"=-
"{19ED0577-73C1-4F56-BE1C-1CEE029CB1C5}"=-
"{83587047-71D2-4AF9-94B4-771BBC28F995}"=-
"{6EC7C68A-4D6B-4E96-95D6-A0AC1660B3C8}"=-
"{A0906CB6-C457-4264-A6B0-D324960078EA}"=-
"{33042924-C3A0-42EA-9E42-8D0795F0DF63}"=-
"{31E430B5-10C3-40C8-A1CB-18C94B3DD3A5}"=-
"{FE2E1812-471E-445F-AD57-CB98B00224B3}"=-
[-HKEY_CLASSES_ROOT\CLSID\{A97B1750-D844-46E6-A4D7-3804EB6214FB}]
[-HKEY_CLASSES_ROOT\CLSID\{19ED0577-73C1-4F56-BE1C-1CEE029CB1C5}]
[-HKEY_CLASSES_ROOT\CLSID\{83587047-71D2-4AF9-94B4-771BBC28F995}]
[-HKEY_CLASSES_ROOT\CLSID\{6EC7C68A-4D6B-4E96-95D6-A0AC1660B3C8}]
[-HKEY_CLASSES_ROOT\CLSID\{A0906CB6-C457-4264-A6B0-D324960078EA}]
[-HKEY_CLASSES_ROOT\CLSID\{33042924-C3A0-42EA-9E42-8D0795F0DF63}]
[-HKEY_CLASSES_ROOT\CLSID\{31E430B5-10C3-40C8-A1CB-18C94B3DD3A5}]
[-HKEY_CLASSES_ROOT\CLSID\{FE2E1812-471E-445F-AD57-CB98B00224B3}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
   zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
  adding: backregs/19ED0577-73C1-4F56-BE1C-1CEE029CB1C5.reg (212 bytes security) (deflated 55%)
  adding: backregs/31E430B5-10C3-40C8-A1CB-18C94B3DD3A5.reg (212 bytes security) (deflated 70%)
  adding: backregs/33042924-C3A0-42EA-9E42-8D0795F0DF63.reg (212 bytes security) (deflated 70%)
  adding: backregs/A0906CB6-C457-4264-A6B0-D324960078EA.reg (212 bytes security) (deflated 70%)
  adding: backregs/A97B1750-D844-46E6-A4D7-3804EB6214FB.reg (212 bytes security) (deflated 54%)
  adding: backregs/FE2E1812-471E-445F-AD57-CB98B00224B3.reg (212 bytes security) (deflated 69%)
  adding: backregs/notibac.reg (140 bytes security) (deflated 87%)

HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 12:39:59 AM, on 12/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\COMMON~1\AOL\113539~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\113539~1\EE\AOLServiceHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: B-H toolbar - {00b8fd76-519d-4889-95b3-d55dce8f003d} - C:\Program Files\B-H\tbB-H.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135391434\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DB704F3-7900-4C1C-B0FD-4A079AB8748F}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


It seems like it's back to normal, thanks for all your help!

14
Tech Clinic / Spy Sherrif
« on: December 27, 2005, 12:24:40 AM »
Find Qoologic last edited 11/28/2005
Running from
C:\Documents and Settings\Administrator\Desktop\Find-Qoologic
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»» Search by size and name»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
C:\WINDOWS\SYSTEM32\CKJSVVD.EXE
»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»
.....
.....
SteelWerX Registry Console Tool RC-2
Written by Bobbi Flekman
.....
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu]
@="{BDA77241-42F6-11d0-85E2-00AA001FE28C}"

--
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\qgmnssxm]
@="{9facfe73-8660-4d5f-80ed-e6ba58c857dd}"

[-HKEY_CLASSES_ROOT\CLSID\{incert csdl here}]
[-HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebNexus]
.....
.....
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
.....
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}]

15
Tech Clinic / Spy Sherrif
« on: December 26, 2005, 11:22:20 PM »
Lol, I don't know what's up with my copying and pasting tonight, but here's the rest of the Spy Sweeper log and the other stuff you need...


1:07 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:07 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:07 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:07 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:07 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:07 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:15 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:15 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:15 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:15 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:15 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:15 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:23 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:23 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:23 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:23 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:23 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:23 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:31 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:31 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:31 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:31 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:31 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:31 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:39 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:39 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:39 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:39 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:39 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:39 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:47 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:47 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:47 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:47 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:47 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:47 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:55 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:55 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:55 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:55 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:55 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:55 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:03 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:03 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:03 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:03 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:03 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:03 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:11 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:11 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:11 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:11 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:11 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:11 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:19 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:19 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:19 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:19 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:19 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:19 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:27 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:27 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:27 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:27 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:27 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:27 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:35 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:35 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:35 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:35 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:35 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:35 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:43 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:43 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:43 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:43 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:43 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:43 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:51 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:51 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:51 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:51 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:51 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:51 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:54 AM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
2:54 AM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
2:54 AM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
2:54 AM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
2:54 AM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
2:54 AM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
2:59 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:59 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:59 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:59 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:59 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
2:59 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
3:07 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
3:07 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
3:07 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
3:07 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
3:07 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
3:07 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
8:39 PM: Memory Shield: Found: Memory-resident threat trojan-downloader-infectedhost, version 1.0.0.0
8:39 PM: Ignored memory-resident threat: trojan-downloader-infectedhost
3:25 PM: Memory Shield: Found: Memory-resident threat trojan-downloader-infectedhost, version 1.0.0.0
3:25 PM: Ignored memory-resident threat: trojan-downloader-infectedhost
5:22 PM: Memory Shield: Found: Memory-resident threat trojan-downloader-infectedhost, version 1.0.0.0
5:22 PM: Ignored memory-resident threat: trojan-downloader-infectedhost
10:03 PM: Memory Shield: Found: Memory-resident threat trojan-downloader-infectedhost, version 1.0.0.0
10:03 PM: Ignored memory-resident threat: trojan-downloader-infectedhost
5:32 PM: Memory Shield: Found: Memory-resident threat trojan-downloader-infectedhost, version 1.0.0.0
5:32 PM: Ignored memory-resident threat: trojan-downloader-infectedhost
6:00 PM: Memory Shield: Found: Memory-resident threat trojan-downloader-infectedhost, version 1.0.0.0
6:00 PM: Ignored memory-resident threat: trojan-downloader-infectedhost
10:32 PM: Memory Shield: Found: Memory-resident threat trojan-downloader-infectedhost, version 1.0.0.0
10:32 PM: Ignored memory-resident threat: trojan-downloader-infectedhost
10:40 PM: Processing Startup Alerts
10:40 PM:   Removed Startup entry: winsync
10:40 PM:   Removed Startup entry: WindowsUpdate
10:40 PM:   Removed Startup entry: System
10:41 PM: |       End of Session, Wednesday, December 21, 2005       |
********
11:10 PM: |       Start of Session, Thursday, December 15, 2005       |
11:10 PM: Spy Sweeper started
11:11 PM: Your spyware definitions have been updated.
11:12 PM: |       End of Session, Thursday, December 15, 2005       |




________________________________________________________________________________




REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe files\\mcafee.com\\agent\\mcagent.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1135391434\\EE\\AOLHostManager.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortEmail Removedexe\" -Run"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C}
C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- qgmnssxm
{9facfe73-8660-4d5f-80ed-e6ba58c857dd}
C:\WINDOWS\system32\lgkeq.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll

Subkey --- Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\Program Files\Yahoo!\Common\ymmapi.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
hp psc 1000 series.lnk
hpoddt01.exe.lnk
SBC Self Support Tool.lnk
==============================
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

desktop.ini
hp psc 1000 series.lnk
hpoddt01.exe.lnk
SBC Self Support Tool.lnk
Clean Access Agent.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


ac3filter.cpl                
access.cpl                    Microsoft Corporation
appwiz.cpl                    Microsoft Corporation
B57exp.cpl                    Broadcom Corporation
bdeadmin.cpl                  Borland Software Corporation
bthprops.cpl                  Microsoft Corporation
desk.cpl                      Microsoft Corporation
firewall.cpl                  Microsoft Corporation
hdwwiz.cpl                    Microsoft Corporation
igfxcpl.cpl                   Intel Corporation
inetcpl.cpl                   Microsoft Corporation
intl.cpl                      Microsoft Corporation
irprops.cpl                   Microsoft Corporation
joy.cpl                       Microsoft Corporation
main.cpl                      Microsoft Corporation
mmsys.cpl                     Microsoft Corporation
ncpa.cpl                      Microsoft Corporation
netsetup.cpl                  Microsoft Corporation
nusrmgr.cpl                   Microsoft Corporation
nwc.cpl                       Microsoft Corporation
odbccp32.cpl                  Microsoft Corporation
powercfg.cpl                  Microsoft Corporation
QuickTime.cpl                 Apple Computer, Inc.
sysdm.cpl                     Microsoft Corporation
telephon.cpl                  Microsoft Corporation
timedate.cpl                  Microsoft Corporation
wscui.cpl                     Microsoft Corporation
wuaucpl.cpl                   Microsoft Corporation




________________________________________________________________________________





Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
VXD Check
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
"VDD"=hex(7):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,53,79,6d,61,6e,74,65,63,5c,53,\
  33,32,45,56,4e,54,31,2e,44,4c,4c,00,00
.....
End vxd check
Please post this in the forum


________________________________________________________________________________


   smitRem © log file
     version 2.8

     by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 12/26/2005
The current time is: 17:43:27.50

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~

Install.dat


 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~

zlbw.dll


 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 848 'explorer.exe'

Starting registry repairs

Deleting files


   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Miscellaneous Files/folders ~~~




 ~~~ Wininet.dll ~~~

 CLEAN! :)

16
Tech Clinic / Spy Sherrif
« on: December 26, 2005, 11:17:54 PM »
Yeah, I have a lot of Sony BMG CDs, and the B-H Toolbar is something I installed from the website (http://bhorizons.invisionplus.net/) a while ago that doesn't work...

Sorry, here's the rest of the Spy Sweeper log...
11:49 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
11:49 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
11:49 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
11:49 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
11:49 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:49 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:50 PM: The Spy Communication shield has blocked access to: evko.biz
11:50 PM: The Spy Communication shield has blocked access to: evko.biz
11:50 PM: The Spy Communication shield has blocked access to: evko.biz
11:50 PM: The Spy Communication shield has blocked access to: evko.biz
11:50 PM: The Spy Communication shield has blocked access to: evko.biz
11:50 PM: The Spy Communication shield has blocked access to: evko.biz
11:50 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:50 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:53 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
11:53 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
11:53 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
11:53 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
11:55 PM: The Spy Communication shield has blocked access to: evko.biz
11:55 PM: The Spy Communication shield has blocked access to: evko.biz
11:55 PM: The Spy Communication shield has blocked access to: evko.biz
11:55 PM: The Spy Communication shield has blocked access to: evko.biz
11:55 PM: The Spy Communication shield has blocked access to: evko.biz
11:55 PM: The Spy Communication shield has blocked access to: evko.biz
11:55 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:55 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:55 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:55 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:59 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
11:59 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
11:59 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
11:59 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
12:00 AM: The Spy Communication shield has blocked access to: evko.biz
12:00 AM: The Spy Communication shield has blocked access to: evko.biz
12:00 AM: The Spy Communication shield has blocked access to: evko.biz
12:00 AM: The Spy Communication shield has blocked access to: evko.biz
12:00 AM: The Spy Communication shield has blocked access to: evko.biz
12:00 AM: The Spy Communication shield has blocked access to: evko.biz
12:00 AM: The Spy Communication shield has blocked access to: 5sec.biz
12:00 AM: The Spy Communication shield has blocked access to: 5sec.biz
12:01 AM: The Spy Communication shield has blocked access to: 5sec.biz
12:01 AM: The Spy Communication shield has blocked access to: 5sec.biz
12:03 AM: The Spy Communication shield has blocked access to: jupitersatellites.biz
12:03 AM: The Spy Communication shield has blocked access to: jupitersatellites.biz
12:03 AM: The Spy Communication shield has blocked access to: jupitersatellites.biz
12:03 AM: The Spy Communication shield has blocked access to: jupitersatellites.biz
12:04 AM: Spy Installation Shield:  found: Adware: members area dialer, version 1.0.0.0 -- Execution Denied
12:04 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:04 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:04 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:04 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:05 AM: The Spy Communication shield has blocked access to: evko.biz
12:05 AM: The Spy Communication shield has blocked access to: evko.biz
12:05 AM: The Spy Communication shield has blocked access to: evko.biz
12:05 AM: The Spy Communication shield has blocked access to: evko.biz
12:05 AM: The Spy Communication shield has blocked access to: evko.biz
12:05 AM: The Spy Communication shield has blocked access to: evko.biz
2:31 PM: Processing Startup Alerts
2:31 PM:   Removed Startup entry: aupd
2:31 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:31 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:33 PM: The Spy Communication shield has blocked access to: traff-store.com
2:33 PM: The Spy Communication shield has blocked access to: traff-store.com
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:33 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:34 PM: BHO Shield:  found: -- BHO installation denied at user request
2:35 PM: BHO Shield:  found: -- BHO installation denied at user request
2:35 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-core.psyche-evolution.com, version 1.0.0.0 -- Execution Denied
2:35 PM: The Spy Communication shield has blocked access to: evko.biz
2:35 PM: The Spy Communication shield has blocked access to: evko.biz
2:35 PM: The Spy Communication shield has blocked access to: evko.biz
2:35 PM: The Spy Communication shield has blocked access to: evko.biz
2:35 PM: The Spy Communication shield has blocked access to: evko.biz
2:35 PM: The Spy Communication shield has blocked access to: evko.biz
2:35 PM: The Spy Communication shield has blocked access to: evko.biz
2:35 PM: The Spy Communication shield has blocked access to: evko.biz
2:35 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-haxdoor, version 1.0.0.0 -- Execution Denied
2:35 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:35 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:35 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:35 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:35 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-securemulti, version 1.0.0.0 -- Execution allowed at user request
2:36 PM: BHO Shield:  found: -- BHO installation denied at user request
2:36 PM: BHO Shield:  found: -- BHO installation denied at user request
2:38 PM: BHO Shield:  found: -- BHO installation denied at user request
2:38 PM: BHO Shield:  found: -- BHO installation denied at user request
2:44 PM: Memory Shield: Found: Memory-resident threat trojan-backdoor-securemulti, version 1.0.0.0
2:44 PM: Ignored memory-resident threat: trojan-backdoor-securemulti
2:52 PM: Memory Shield: Found: Memory-resident threat trojan-downloader-hebeeaac, version 1.0.0.0
2:52 PM: Detected running threat: trojan-downloader-hebeeaac
2:52 PM: Ignored memory-resident threat: trojan-downloader-hebeeaac
2:54 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:54 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
2:54 PM: The Spy Communication shield has blocked access to: traff-store.com
2:54 PM: The Spy Communication shield has blocked access to: traff-store.com
2:55 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:55 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:55 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:55 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:55 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:55 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:55 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:55 PM: The Spy Communication shield has blocked access to: maxysearch.info
2:56 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:56 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:56 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:56 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:57 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-core.psyche-evolution.com, version 1.0.0.0 -- Execution Denied
2:57 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-haxdoor, version 1.0.0.0 -- Execution Denied
2:57 PM: The Spy Communication shield has blocked access to: evko.biz
2:57 PM: The Spy Communication shield has blocked access to: evko.biz
2:57 PM: The Spy Communication shield has blocked access to: evko.biz
2:57 PM: The Spy Communication shield has blocked access to: evko.biz
2:57 PM: The Spy Communication shield has blocked access to: evko.biz
2:57 PM: The Spy Communication shield has blocked access to: evko.biz
2:57 PM: The Spy Communication shield has blocked access to: evko.biz
2:57 PM: The Spy Communication shield has blocked access to: evko.biz
2:57 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:57 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:57 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:57 PM: The Spy Communication shield has blocked access to: jupitersatellites.biz
2:57 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-securemulti, version 1.0.0.0 -- Execution allowed at user request
3:01 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
3:01 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
3:01 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
3:01 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
3:02 PM: The Spy Communication shield has blocked access to: evko.biz
3:02 PM: The Spy Communication shield has blocked access to: evko.biz
3:02 PM: The Spy Communication shield has blocked access to: evko.biz
3:02 PM: The Spy Communication shield has blocked access to: evko.biz
3:02 PM: The Spy Communication shield has blocked access to: evko.biz
3:02 PM: The Spy Communication shield has blocked access to: evko.biz
3:03 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
3:20 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-core.psyche-evolution.com, version 1.0.0.0 -- Execution Denied
3:20 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-haxdoor, version 1.0.0.0 -- Execution Denied
3:20 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-securemulti, version 1.0.0.0 -- Execution allowed at user request
********
10:41 PM: |       Start of Session, Wednesday, December 21, 2005       |
10:41 PM: Spy Sweeper started
10:41 PM: Sweep initiated using definitions version 586
10:41 PM: Starting Memory Sweep
10:45 PM: Memory Sweep Complete, Elapsed Time: 00:04:11
10:45 PM: Starting Registry Sweep
10:45 PM:   Found Adware: aksoft
10:45 PM:   HKLM\software\aksoft\.support\  (10 subtraces) (ID = 103365)
10:45 PM:   HKLM\software\aksoft\.target\  (80 subtraces) (ID = 103366)
10:46 PM:   Found Adware: ezula ilookup
10:46 PM:   HKCR\appid\atlbrowser.exe\  (1 subtraces) (ID = 126121)
10:46 PM:   HKCR\atlbrcon.atlbrcon\  (3 subtraces) (ID = 126127)
10:46 PM:   HKLM\software\classes\appid\atlbrowser.exe\  (1 subtraces) (ID = 126207)
10:46 PM:   HKLM\software\classes\atlbrcon.atlbrcon.1\  (3 subtraces) (ID = 126213)
10:46 PM:   HKLM\software\classes\atlbrcon.atlbrcon\  (3 subtraces) (ID = 126214)
10:46 PM:   Found Adware: ieplugin
10:46 PM:   HKLM\software\microsoft\internet explorer\toolbar\ || {2cde1a7d-a478-4291-bf31-e1b4c16f92eb} (ID = 128178)
10:46 PM:   Found Adware: virtualbouncer
10:46 PM:   HKCR\clsid\{8551311d-f3bf-4718-ad66-96e302500735}\  (11 subtraces) (ID = 392235)
10:46 PM:   HKLM\software\classes\clsid\{18bbdf4d-611d-41ce-a7e7-b2dd23c250d1}\  (11 subtraces) (ID = 392390)
10:46 PM:   HKLM\software\classes\clsid\{8551311d-f3bf-4718-ad66-96e302500735}\  (11 subtraces) (ID = 476604)
10:46 PM:   Found Adware: dealhelper
10:46 PM:   HKLM\software\ddate\  (1 subtraces) (ID = 636618)
10:46 PM:   HKLM\software\aksoft\  (34293 subtraces) (ID = 639132)
10:46 PM:   Found Adware: clientman
10:46 PM:   HKCR\appid\urlcli.dll\  (1 subtraces) (ID = 701476)
10:46 PM:   HKCR\typelib\{026e4b83-1bf7-41cb-8233-4af35341bc69}\  (9 subtraces) (ID = 701480)
10:46 PM:   HKLM\software\classes\appid\urlcli.dll\  (1 subtraces) (ID = 701492)
10:46 PM:   HKLM\software\classes\typelib\{026e4b83-1bf7-41cb-8233-4af35341bc69}\  (9 subtraces) (ID = 701496)
10:46 PM:   HKCR\searchrep.searchreppp\  (5 subtraces) (ID = 770179)
10:46 PM:   HKCR\searchrep.searchreppp.1\  (3 subtraces) (ID = 770185)
10:46 PM:   HKCR\typelib\{8dbd1ce8-2720-4774-8cc6-32737958ac4b}\  (9 subtraces) (ID = 770203)
10:46 PM:   HKLM\software\classes\searchrep.searchreppp\  (5 subtraces) (ID = 770217)
10:46 PM:   HKLM\software\classes\searchrep.searchreppp.1\  (3 subtraces) (ID = 770223)
10:46 PM:   HKLM\software\classes\typelib\{8dbd1ce8-2720-4774-8cc6-32737958ac4b}\  (9 subtraces) (ID = 770241)
10:47 PM:   Found Adware: cws sp.html hijack
10:47 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\internet explorer\search\ || searchassistant_bak (ID = 123751)
10:47 PM:   Found Adware: delfin
10:47 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\mvu\  (5 subtraces) (ID = 124884)
10:47 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\picsvr\  (1 subtraces) (ID = 124890)
10:47 PM:   Found Adware: effective-i toolbar
10:47 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\internet explorer\toolbar\webbrowser\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125668)
10:47 PM:   Found Adware: spysheriff
10:47 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 142127)
10:47 PM:   Found Adware: directrevenue-abetterinternet
10:47 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\ahexe\  (30 subtraces) (ID = 145821)
10:47 PM:   Found Trojan Horse: trojan-backdoor-securemulti
10:47 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 484139)
10:47 PM:   Found Adware: navexcel navhelper
10:47 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {5aa06644-bc46-4220-a460-47a6eb47c96d} (ID = 135541)
10:47 PM:   HKU\S-1-5-18\software\navexcel ltd\  (9 subtraces) (ID = 135548)
10:47 PM:   Found Adware: twain-tech
10:47 PM:   HKU\S-1-5-18\software\mxtarget\  (5 subtraces) (ID = 145343)
10:47 PM: Registry Sweep Complete, Elapsed Time:00:01:38
10:47 PM: Starting Cookie Sweep
10:47 PM:   Found Spy Cookie: 2o7.net cookie
10:47 PM:   administrator@2o7[2].txt (ID = 1957)
10:47 PM:   Found Spy Cookie: go.com cookie
10:47 PM:   [email protected][2].txt (ID = 2729)
10:47 PM:   Found Spy Cookie: yieldmanager cookie
10:47 PM:   [email protected][2].txt (ID = 3751)
10:47 PM:   Found Spy Cookie: adknowledge cookie
10:47 PM:   administrator@adknowledge[2].txt (ID = 2072)
10:47 PM:   Found Spy Cookie: hbmediapro cookie
10:47 PM:   [email protected][2].txt (ID = 2768)
10:47 PM:   Found Spy Cookie: specificclick.com cookie
10:47 PM:   [email protected][2].txt (ID = 3400)
10:47 PM:   Found Spy Cookie: belointeractive cookie
10:47 PM:   [email protected][1].txt (ID = 2295)
10:47 PM:   Found Spy Cookie: pointroll cookie
10:47 PM:   [email protected][2].txt (ID = 3148)
10:47 PM:   Found Spy Cookie: atwola cookie
10:47 PM:   administrator@atwola[1].txt (ID = 2255)
10:47 PM:   administrator@belointeractive[1].txt (ID = 2294)
10:47 PM:   Found Spy Cookie: zedo cookie
10:47 PM:   [email protected][1].txt (ID = 3763)
10:47 PM:   Found Spy Cookie: exitexchange cookie
10:47 PM:   administrator@exitexchange[1].txt (ID = 2633)
10:47 PM:   administrator@go[1].txt (ID = 2728)
10:47 PM:   Found Spy Cookie: clickandtrack cookie
10:47 PM:   [email protected][2].txt (ID = 2397)
10:47 PM:   Found Spy Cookie: questionmarket cookie
10:47 PM:   administrator@questionmarket[1].txt (ID = 3217)
10:47 PM:   Found Spy Cookie: serving-sys cookie
10:47 PM:   administrator@serving-sys[2].txt (ID = 3343)
10:47 PM:   Found Spy Cookie: statcounter cookie
10:47 PM:   administrator@statcounter[1].txt (ID = 3447)
10:47 PM:   Found Spy Cookie: trafficmp cookie
10:47 PM:   administrator@trafficmp[1].txt (ID = 3581)
10:47 PM:   Found Spy Cookie: tribalfusion cookie
10:47 PM:   administrator@tribalfusion[1].txt (ID = 3589)
10:47 PM:   Found Spy Cookie: adserver cookie
10:47 PM:   [email protected][1].txt (ID = 2142)
10:47 PM:   administrator@zedo[1].txt (ID = 3762)
10:47 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
10:47 PM: Starting File Sweep
10:48 PM:   Found Adware: e2g
10:48 PM:   ei51.exe (ID = 59384)
10:49 PM:   Found Adware: shopathomeselect
10:49 PM:   shagentnew.dll (ID = 75942)
10:50 PM:   Found Adware: exact cashback/bargain buddy
10:50 PM:   installer_mediawhiz8.exe (ID = 50696)
10:52 PM:   aimvffk.xml (ID = 57646)
10:52 PM:   Found Adware: gain - common components
10:52 PM:   hdplugin1101.dll (ID = 61477)
10:53 PM:   Found Trojan Horse: trojan-downloader-asdbiz.biz
10:53 PM:   qvxt2.game (ID = 80237)
10:54 PM:   hdplugin1101.dll (ID = 61477)
10:55 PM:   hdplugin1101.inf (ID = 61480)
10:59 PM:   Found Trojan Horse: trojan-backdoor-core.psyche-evolution.com
10:59 PM:   vxgamet2.exe (ID = 197844)
10:59 PM:   qvxgamet2.exe (ID = 80237)
10:59 PM:   vxgame6.exe (ID = 80237)
10:59 PM:   hdplugin1019.inf (ID = 61473)
10:59 PM:   hdplugin1101.inf (ID = 61480)
11:01 PM:   Found Adware: couponage
11:01 PM:   casync.dll (ID = 54700)
11:01 PM:   cacore.dll (ID = 54694)
11:02 PM:   carules.dll (ID = 54699)
11:02 PM:   Sweep Canceled
11:02 PM: File Sweep Complete, Elapsed Time: 00:15:28
11:02 PM: Traces Found: 34602
11:02 PM: Removal process initiated
11:03 PM:   Quarantining All Traces: directrevenue-abetterinternet
11:03 PM:   Quarantining All Traces: spysheriff
11:03 PM:   Quarantining All Traces: trojan-backdoor-securemulti
11:03 PM:   Quarantining All Traces: delfin
11:03 PM:   Quarantining All Traces: trojan-backdoor-core.psyche-evolution.com
11:03 PM:   Quarantining All Traces: trojan-downloader-asdbiz.biz
11:03 PM:   Quarantining All Traces: aksoft
11:03 PM:   Quarantining All Traces: clientman
11:03 PM:   Quarantining All Traces: couponage
11:03 PM:   Quarantining All Traces: cws sp.html hijack
11:03 PM:   Quarantining All Traces: dealhelper
11:03 PM:   Quarantining All Traces: e2g
11:03 PM:   Quarantining All Traces: effective-i toolbar
11:03 PM:   Quarantining All Traces: exact cashback/bargain buddy
11:03 PM:   Quarantining All Traces: ezula ilookup
11:03 PM:   Quarantining All Traces: ieplugin
11:03 PM:   Quarantining All Traces: navexcel navhelper
11:03 PM:   Quarantining All Traces: shopathomeselect
11:03 PM:   Quarantining All Traces: twain-tech
11:03 PM:   Quarantining All Traces: virtualbouncer
11:03 PM:   Quarantining All Traces: 2o7.net cookie
11:03 PM:   Quarantining All Traces: adknowledge cookie
11:03 PM:   Quarantining All Traces: adserver cookie
11:03 PM:   Quarantining All Traces: atwola cookie
11:03 PM:   Quarantining All Traces: belointeractive cookie
11:03 PM:   Quarantining All Traces: clickandtrack cookie
11:03 PM:   Quarantining All Traces: exitexchange cookie
11:03 PM:   Quarantining All Traces: gain - common components
11:03 PM:   Quarantining All Traces: go.com cookie
11:03 PM:   Quarantining All Traces: hbmediapro cookie
11:03 PM:   Quarantining All Traces: pointroll cookie
11:03 PM:   Quarantining All Traces: questionmarket cookie
11:03 PM:   Quarantining All Traces: serving-sys cookie
11:03 PM:   Quarantining All Traces: specificclick.com cookie
11:03 PM:   Quarantining All Traces: statcounter cookie
11:03 PM:   Quarantining All Traces: trafficmp cookie
11:03 PM:   Quarantining All Traces: tribalfusion cookie
11:03 PM:   Quarantining All Traces: yieldmanager cookie
11:03 PM:   Quarantining All Traces: zedo cookie
11:03 PM: Removal process completed.  Elapsed time 00:00:44
11:04 PM: Deletion from quarantine initiated
11:04 PM: Processing: 2o7.net cookie
11:04 PM: Processing: adknowledge cookie
11:04 PM: Processing: adserver cookie
11:04 PM: Processing: aksoft
11:04 PM: Processing: atwola cookie
11:04 PM: Processing: belointeractive cookie
11:04 PM: Processing: clickandtrack cookie
11:04 PM: Processing: clientman
11:04 PM: Processing: couponage
11:04 PM: Processing: cws sp.html hijack
11:04 PM: Processing: dealhelper
11:04 PM: Processing: delfin
11:04 PM: Processing: directrevenue-abetterinternet
11:04 PM: Processing: e2g
11:04 PM: Processing: effective-i toolbar
11:04 PM: Processing: exact cashback/bargain buddy
11:04 PM: Processing: exitexchange cookie
11:04 PM: Processing: ezula ilookup
11:04 PM: Processing: gain - common components
11:04 PM: Processing: go.com cookie
11:04 PM: Processing: hbmediapro cookie
11:04 PM: Processing: ieplugin
11:04 PM: Processing: navexcel navhelper
11:04 PM: Processing: pointroll cookie
11:04 PM: Processing: questionmarket cookie
11:04 PM: Processing: serving-sys cookie
11:04 PM: Processing: shopathomeselect
11:04 PM: Processing: specificclick.com cookie
11:04 PM: Processing: spysheriff
11:04 PM: Processing: statcounter cookie
11:04 PM: Processing: trafficmp cookie
11:04 PM: Processing: tribalfusion cookie
11:04 PM: Processing: trojan-backdoor-core.psyche-evolution.com
11:04 PM: Processing: trojan-downloader-asdbiz.biz
11:04 PM: Processing: twain-tech
11:04 PM: Processing: virtualbouncer
11:04 PM: Processing: yieldmanager cookie
11:04 PM: Processing: zedo cookie
11:04 PM: Deletion from quarantine completed.  Elapsed time 00:00:00
11:11 PM: Processing Startup Alerts
11:11 PM:   Removed Startup entry: winsync
11:11 PM:   Removed Startup entry: System
11:11 PM:   Removed Startup entry: Windows installer
********
11:12 PM: |       Start of Session, Thursday, December 15, 2005       |
11:12 PM: Spy Sweeper started
11:12 PM: Sweep initiated using definitions version 586
11:12 PM: Starting Memory Sweep
11:15 PM:   Found Adware: clkoptimizer
11:15 PM:   Detected running threat: C:\WINDOWS\system32\wuauclt.dll (ID = 143665)
11:16 PM:   Found Adware: delfin
11:16 PM:   Detected running threat: C:\WINDOWS\system32\picsvr\picsvr.exe (ID = 57768)
11:16 PM:   HKLM\Software\Microsoft\Windows\CurrentVersion\Run || picsvr (ID = 0)
11:28 PM: Memory Sweep Complete, Elapsed Time: 00:15:57
11:28 PM: Starting Registry Sweep
11:28 PM:   Found Adware: 7adpower
11:28 PM:   HKLM\software\classes\interface\{12e919bc-c70f-432b-b831-1180de734505}\  (8 subtraces) (ID = 102195)
11:28 PM:   Found Adware: aksoft
11:28 PM:   HKLM\software\aksoft\.support\  (10 subtraces) (ID = 103365)
11:28 PM:   HKLM\software\aksoft\.target\  (80 subtraces) (ID = 103366)
11:28 PM:   HKCR\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\  (6 subtraces) (ID = 105953)
11:28 PM:   HKCR\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\  (1 subtraces) (ID = 106021)
11:28 PM:   HKLM\software\classes\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\  (6 subtraces) (ID = 106049)
11:28 PM:   HKLM\software\classes\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\  (1 subtraces) (ID = 106116)
11:28 PM:   HKLM\software\microsoft\windows\currentversion\run\ || picsvr (ID = 124872)
11:28 PM:   HKLM\software\mvu\  (6 subtraces) (ID = 124885)
11:28 PM:   HKLM\software\nsvcin\ (ID = 124886)
11:28 PM:   HKLM\software\picsvr\  (2 subtraces) (ID = 124891)
11:28 PM:   Found Adware: ezula ilookup
11:28 PM:   HKCR\appid\atlbrowser.exe\  (1 subtraces) (ID = 126121)
11:28 PM:   HKCR\atlbrcon.atlbrcon\  (3 subtraces) (ID = 126127)
11:28 PM:   HKLM\software\classes\appid\atlbrowser.exe\  (1 subtraces) (ID = 126207)
11:28 PM:   HKLM\software\classes\atlbrcon.atlbrcon.1\  (3 subtraces) (ID = 126213)
11:28 PM:   HKLM\software\classes\atlbrcon.atlbrcon\  (3 subtraces) (ID = 126214)
11:28 PM:   Found Adware: ieplugin
11:28 PM:   HKLM\software\microsoft\internet explorer\toolbar\ || {2cde1a7d-a478-4291-bf31-e1b4c16f92eb} (ID = 128178)
11:29 PM:   Found Adware: look2me
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || tsvcin (ID = 129953)
11:29 PM:   HKLM\software\tsvcin\  (2 subtraces) (ID = 129976)
11:29 PM:   HKLM\software\tsvcin\ || a (ID = 129977)
11:29 PM:   Found Trojan Horse: rasmin
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || windowsupdate (ID = 144085)
11:29 PM:   Found Trojan Horse: trojan-backdoor-dimenoc
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || windowsupdate (ID = 144085)
11:29 PM:   Found Trojan Horse: vesbiz downloader
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || system (ID = 145542)
11:29 PM:   Found Adware: directrevenue-abetterinternet
11:29 PM:   HKCR\interface\{c08175c6-b2b2-47fc-af1a-32f77a6cb673}\  (8 subtraces) (ID = 145809)
11:29 PM:   HKLM\software\classes\interface\{c08175c6-b2b2-47fc-af1a-32f77a6cb673}\  (8 subtraces) (ID = 145886)
11:29 PM:   HKLM\software\microsoft\windows\currentversion\uninstall\{000fa346-d004-45e1-bc4c-9408d6cd4128}\  (1 subtraces) (ID = 146124)
11:29 PM:   Found Adware: websearch toolbar
11:29 PM:   HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\  (8 subtraces) (ID = 146518)
11:29 PM:   Found Adware: winad
11:29 PM:   HKCR\mediagatewayx.installer\  (3 subtraces) (ID = 372857)
11:29 PM:   HKCR\mediagatewayx.installer\clsid\  (1 subtraces) (ID = 372859)
11:29 PM:   Found Adware: virtualbouncer
11:29 PM:   HKCR\clsid\{8551311d-f3bf-4718-ad66-96e302500735}\  (11 subtraces) (ID = 392235)
11:29 PM:   HKLM\software\classes\clsid\{18bbdf4d-611d-41ce-a7e7-b2dd23c250d1}\  (11 subtraces) (ID = 392390)
11:29 PM:   HKLM\software\classes\mediagatewayx.installer\  (3 subtraces) (ID = 398902)
11:29 PM:   HKLM\software\classes\mediagatewayx.installer\clsid\  (1 subtraces) (ID = 398904)
11:29 PM:   HKLM\software\classes\clsid\{8551311d-f3bf-4718-ad66-96e302500735}\  (11 subtraces) (ID = 476604)
11:29 PM:   Found Adware: letsroll911.org hijacker
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || system (ID = 594251)
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || winsync (ID = 601545)
11:29 PM:   Found Adware: dealhelper
11:29 PM:   HKLM\software\ddate\  (1 subtraces) (ID = 636618)
11:29 PM:   HKLM\software\aksoft\  (34293 subtraces) (ID = 639132)
11:29 PM:   Found Adware: clientman
11:29 PM:   HKCR\appid\urlcli.dll\  (1 subtraces) (ID = 701476)
11:29 PM:   HKCR\typelib\{026e4b83-1bf7-41cb-8233-4af35341bc69}\  (9 subtraces) (ID = 701480)
11:29 PM:   HKLM\software\classes\appid\urlcli.dll\  (1 subtraces) (ID = 701492)
11:29 PM:   HKLM\software\classes\typelib\{026e4b83-1bf7-41cb-8233-4af35341bc69}\  (9 subtraces) (ID = 701496)
11:29 PM:   HKLM\software\microsoft\internet explorer\extensions\{9e248641-0e24-4ddb-9a1f-705087832ad6}\  (2 subtraces) (ID = 753449)
11:29 PM:   HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\  (2 subtraces) (ID = 763026)
11:29 PM:   HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
11:29 PM:   HKCR\searchrep.searchreppp\  (5 subtraces) (ID = 770179)
11:29 PM:   HKCR\searchrep.searchreppp.1\  (3 subtraces) (ID = 770185)
11:29 PM:   HKCR\typelib\{8dbd1ce8-2720-4774-8cc6-32737958ac4b}\  (9 subtraces) (ID = 770203)
11:29 PM:   HKLM\software\classes\searchrep.searchreppp\  (5 subtraces) (ID = 770217)
11:29 PM:   HKLM\software\classes\searchrep.searchreppp.1\  (3 subtraces) (ID = 770223)
11:29 PM:   HKLM\software\classes\typelib\{8dbd1ce8-2720-4774-8cc6-32737958ac4b}\  (9 subtraces) (ID = 770241)
11:29 PM:   HKCR\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\  (8 subtraces) (ID = 815132)
11:29 PM:   HKLM\software\classes\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\  (8 subtraces) (ID = 815145)
11:29 PM:   Found Trojan Horse: xcp rootkit
11:29 PM:   HKLM\system\currentcontrolset\services\$sys$aries\  (11 subtraces) (ID = 976072)
11:29 PM:   Found Adware: cws sp.html hijack
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\internet explorer\search\ || searchassistant_bak (ID = 123751)
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\mvu\  (5 subtraces) (ID = 124884)
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\picsvr\  (1 subtraces) (ID = 124890)
11:29 PM:   Found Adware: effective-i toolbar
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\internet explorer\toolbar\webbrowser\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125668)
11:29 PM:   Found Adware: spysheriff
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 142127)
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\ahexe\  (30 subtraces) (ID = 145821)
11:29 PM:   Found Trojan Horse: trojan-backdoor-securemulti
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 484139)
11:29 PM:   Found Adware: navexcel navhelper
11:29 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {5aa06644-bc46-4220-a460-47a6eb47c96d} (ID = 135541)
11:29 PM:   HKU\S-1-5-18\software\navexcel ltd\  (9 subtraces) (ID = 135548)
11:29 PM:   Found Adware: twain-tech
11:29 PM:   HKU\S-1-5-18\software\mxtarget\  (5 subtraces) (ID = 145343)
11:29 PM: Registry Sweep Complete, Elapsed Time:00:01:08
11:29 PM: Starting Cookie Sweep
11:29 PM:   Found Spy Cookie: go.com cookie
11:29 PM:   [email protected][2].txt (ID = 2729)
11:29 PM:   Found Spy Cookie: yieldmanager cookie
11:29 PM:   [email protected][2].txt (ID = 3751)
11:29 PM:   Found Spy Cookie: adknowledge cookie
11:29 PM:   administrator@adknowledge[2].txt (ID = 2072)
11:29 PM:   Found Spy Cookie: hbmediapro cookie
11:29 PM:   [email protected][2].txt (ID = 2768)
11:29 PM:   Found Spy Cookie: specificclick.com cookie
11:29 PM:   [email protected][2].txt (ID = 3400)
11:29 PM:   Found Spy Cookie: belointeractive cookie
11:29 PM:   [email protected][1].txt (ID = 2295)
11:29 PM:   Found Spy Cookie: pointroll cookie
11:29 PM:   [email protected][2].txt (ID = 3148)
11:29 PM:   administrator@belointeractive[1].txt (ID = 2294)
11:29 PM:   Found Spy Cookie: zedo cookie
11:29 PM:   [email protected][1].txt (ID = 3763)
11:29 PM:   Found Spy Cookie: exitexchange cookie
11:29 PM:   administrator@exitexchange[1].txt (ID = 2633)
11:29 PM:   administrator@go[1].txt (ID = 2728)
11:29 PM:   Found Spy Cookie: clickandtrack cookie
11:29 PM:   [email protected][2].txt (ID = 2397)
11:29 PM:   Found Spy Cookie: questionmarket cookie
11:29 PM:   administrator@questionmarket[1].txt (ID = 3217)
11:29 PM:   Found Spy Cookie: serving-sys cookie
11:29 PM:   administrator@serving-sys[2].txt (ID = 3343)
11:29 PM:   Found Spy Cookie: statcounter cookie
11:29 PM:   administrator@statcounter[1].txt (ID = 3447)
11:29 PM:   Found Spy Cookie: trafficmp cookie
11:29 PM:   administrator@trafficmp[1].txt (ID = 3581)
11:29 PM:   Found Spy Cookie: tribalfusion cookie
11:29 PM:   administrator@tribalfusion[1].txt (ID = 3589)
11:29 PM:   Found Spy Cookie: adserver cookie
11:29 PM:   [email protected][1].txt (ID = 2142)
11:29 PM:   administrator@zedo[1].txt (ID = 3762)
11:29 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
11:29 PM: Starting File Sweep
11:29 PM:   c:\program files\spysheriff (2 subtraces) (ID = -2147476679)
11:29 PM:   c:\windows\inst (ID = -2147480086)
11:29 PM:   c:\documents and settings\all users\application data\picsvr (2 subtraces) (ID = -2147481134)
11:29 PM:   c:\documents and settings\all users\application data\wsxs (1 subtraces) (ID = -2147481131)
11:29 PM:   c:\windows\system32\nsvsvc (2 subtraces) (ID = -2147481119)
11:29 PM:   c:\documents and settings\all users\application data\nsv (18 subtraces) (ID = -2147481136)
11:29 PM:   c:\windows\system32\picsvr (1 subtraces) (ID = -2147481118)
11:30 PM:   655c4132-8b7d-42e1-bbbf-d2a792 (ID = 53202)
11:30 PM:   15c170b3-efd2-45cd-b42a-e00978 (ID = 53202)
11:30 PM:   Found Adware: e2g
11:30 PM:   ei51.exe (ID = 59384)
11:30 PM:   ds3.dll (ID = 65767)
11:31 PM:   731cff7b-cee2-4499-ad6d-ee78bc (ID = 53184)
11:32 PM:   Found Trojan Horse: trojan-downloader-moneymind
11:32 PM:   moneyspj.exe (ID = 80826)
11:32 PM:   bc39ba07-5de8-4ffb-973c-0b8b72 (ID = 53202)
11:33 PM:   31e6e23d-adfc-4e9c-89b5-88d989.asq (ID = 116897)
11:33 PM:   Found Adware: shopathomeselect
11:33 PM:   shagentnew.dll (ID = 75942)
11:33 PM:   35cf20f8-a4fb-44f7-a144-3d0555.asq (ID = 53205)
11:34 PM:   Found Adware: exact cashback/bargain buddy
11:34 PM:   installer_mediawhiz8.exe (ID = 50696)
11:38 PM:   Found Adware: gain - common components
11:38 PM:   hdplugin1101.dll (ID = 61477)
11:39 PM:   k4lq0e35eh.dll (ID = 159)
11:39 PM:   d3aa59c8-7620-4a47-ac19-651c52.asq (ID = 53205)
11:39 PM:   vgactl.cpl (ID = 143664)
11:39 PM:   e2024ec4-4e1e-40bf-a85c-b16ade.asq (ID = 53205)
11:39 PM:   BHO Shield:  found: -- BHO installation allowed at user request
11:39 PM:   c6002gdmg60a2.dll (ID = 159)
11:39 PM:   l88m0il1e8q.dll (ID = 159)
11:40 PM:   0b97a2ff-09d5-4e9e-b5a0-13b482.asq (ID = 116897)
11:40 PM:   c7912df4-17ea-493e-86db-447219 (ID = 53202)
11:40 PM:   Found Trojan Horse: trojan-downloader-infectedhost
11:40 PM:   svchost.dll (ID = 201334)
11:42 PM:   Found Adware: 180search assistant/zango
11:42 PM:   sain_kyf.dat (ID = 70616)
11:42 PM:   sainau.dat (ID = 70615)
11:42 PM:   Found Trojan Horse: trojan-backdoor-core.psyche-evolution.com
11:42 PM:   vxt2.game (ID = 197844)
11:44 PM:   Found Adware: wildmedia
11:44 PM:   standard.exe (ID = 88774)
11:44 PM:   l0l6la3s1d.dll (ID = 159)
11:44 PM:   k4pmle711h.dll (ID = 159)
11:45 PM:   ksdmac.dll (ID = 159)
11:45 PM:   1449cb15-7b22-4e23-bcff-1ff4ae.asq (ID = 116897)
11:45 PM:   iifxress.dll (ID = 159)
11:46 PM:   a6d6ca4a-182d-40a1-a531-114bf3 (ID = 53202)
11:46 PM:   kodes.dll (ID = 65904)
11:46 PM:   desktop.html (ID = 178574)
11:46 PM:   Found Adware: isearch desktop search
11:46 PM:   d62c81b6-a7d5-4667-a689-bc9585 (ID = 64334)
11:47 PM:   hdplugin1019.inf (ID = 61473)
11:47 PM:   hdplugin1101.inf (ID = 61480)
11:47 PM:   vxgamet2.exe (ID = 197844)
11:47 PM:   Found Trojan Horse: trojan-downloader-asdbiz.biz
11:47 PM:   qvxgamet2.exe (ID = 80237)
11:47 PM:   vxgame6.exe (ID = 80237)
11:47 PM:   svchost.exe (ID = 203593)
11:47 PM:   wuauclt.dll (ID = 143665)
11:47 PM:   98491621-2257-4896-888f-bc5e76 (ID = 143665)
11:47 PM:   02709b22-b3e3-4e1e-a9a8-ec2c1c (ID = 143665)
11:47 PM:   sstray.exe (ID = 203593)
11:47 PM:   b02f321b-1261-4a76-af1f-1cf114 (ID = 143665)
11:47 PM:   bd24d720-8ad3-4549-ae61-e79193 (ID = 53202)
11:47 PM:   picsvr.exe (ID = 57768)
11:47 PM:   HKLM\Software\Microsoft\Windows\CurrentVersion\Run || picsvr (ID = 0)
11:49 PM:   Found Adware: couponage
11:49 PM:   casync.dll (ID = 54700)
11:49 PM:   slnsapi.dll (ID = 159)
11:49 PM:   cacore.dll (ID = 54694)
11:49 PM:   f0ab681d-3eb9-422d-adb1-fa2391.asq (ID = 116897)
11:49 PM:   f6l0lg3m16.dll (ID = 159)
11:49 PM:   175fd306-019c-4ddf-97a4-f93cd7 (ID = 120129)
11:49 PM:   ir2ul5f91.dll (ID = 159)
11:49 PM:   aza6l1js1.dll (ID = 159)
11:49 PM:   9590c27d-dd15-4df9-a141-d72f81 (ID = 120129)
11:50 PM:   i6600gjme6oa0.dll (ID = 159)
11:50 PM:   akrules.dll (ID = 49674)
11:50 PM:   oabccp32.dll (ID = 159)
11:50 PM:   abicap.dll (ID = 65904)
11:50 PM:   wmv1215.dbd (ID = 57687)
11:50 PM:   carules.dll (ID = 54699)
11:50 PM:   iyssdo.dll (ID = 65904)
11:51 PM:   akupd.dll (ID = 49673)
11:51 PM:   akcore.dll (ID = 49676)
11:51 PM:   c95e3617-fc77-4e24-a8a4-ca5866 (ID = 53193)
11:51 PM:   mgjava.dll (ID = 65904)
11:51 PM:   ibmp.dll (ID = 65904)
11:51 PM:   aza8lg9u16.dll (ID = 159)
11:51 PM:   soc.dll (ID = 159)
11:51 PM:   almlib.dll (ID = 65904)
11:51 PM:   otbccu32.dll (ID = 65904)
11:51 PM:   mqimtf.dll (ID = 65904)
11:51 PM:   h20qlcd51f0.dll (ID = 159)
11:51 PM:   modimap.dll (ID = 65904)
11:51 PM:   moawt.dll (ID = 65904)
11:51 PM:   kfdmaori.dll (ID = 65904)
11:51 PM:   aotodisc.dll (ID = 159)
11:51 PM:   kldit142.dll (ID = 159)
11:51 PM:   m482lelo1hqc.dll (ID = 159)
11:51 PM:   aimvffk2.xml (ID = 57648)
11:52 PM:   jqsh400.dll (ID = 159)
11:52 PM:   fhsrch.dll (ID = 159)
11:52 PM:   aimvffk1.xml (ID = 57647)
11:52 PM:   gp46l3hs1.dll (ID = 159)
11:52 PM:   se2evnt1.dll (ID = 159)
11:52 PM:   fp0q03d5e.dll (ID = 159)
11:52 PM:   fp4403hqe.dll (ID = 159)
11:52 PM:   fpr2039oe.dll (ID = 159)
11:52 PM:   pprfproc.dll (ID = 159)
11:52 PM:   l42slef71h2.dll (ID = 159)
11:52 PM:   i8jq0i15e8.dll (ID = 159)
11:53 PM:   dddim700.dll (ID = 159)
11:53 PM:   g4jo0e13eh.dll (ID = 159)
11:53 PM:   g8joli1318.dll (ID = 159)
11:53 PM:   dnlcdf32.dll (ID = 159)
11:53 PM:   ac9a9236-8df6-4925-9eea-83eb9d.asq (ID = 53205)
11:53 PM:   doconfig.dll (ID = 159)
11:53 PM:   8a9b4acc-651c-4d74-a337-874d4f.asq (ID = 116897)
11:53 PM:   dvlix.dll (ID = 159)
11:53 PM:   dhmsadsn.dll (ID = 159)
11:53 PM:   e0202afmgd2a2.dll (ID = 159)
11:53 PM:   en4ml1h11.dll (ID = 65730)
11:53 PM:   patchme.exe (ID = 57767)
11:53 PM:   mldsrv32.dll (ID = 65730)
11:54 PM:   mqoert2.dll (ID = 159)
11:54 PM:   cidial32.dll (ID = 159)
11:54 PM:   nsvs.dll (ID = 57751)
11:54 PM:   mqrddm.dll (ID = 159)
11:54 PM:   mrdemui.dll (ID = 159)
11:54 PM:   mnidntld.dll (ID = 65730)
11:54 PM:   13ab9051-b05e-4015-890e-7e739b.asq (ID = 53134)
11:54 PM:   jisd400.dll (ID = 65904)
11:54 PM:   iewphbk.dll (ID = 65904)
11:54 PM:   azaslef71h2.dll (ID = 159)
11:54 PM:   sqreamci.dll (ID = 159)
11:54 PM:   7165fd9b-4e9e-4db6-abcf-bc995a.asq (ID = 116897)
11:54 PM:   iqnathlp.dll (ID = 65904)
11:54 PM:   5c6c72ba-fac9-402c-bd63-fe6979.asq (ID = 116897)
11:55 PM:   en68l1ju1.dll (ID = 159)
11:55 PM:   swscrap.dll (ID = 65904)
11:55 PM:   t6r8lg9u16.dll (ID = 159)
11:55 PM:   28475f37-2db1-40a7-902a-f53c83.asq (ID = 53134)
11:55 PM:   vx6.game (ID = 80237)
11:55 PM:   qvxt2.game (ID = 80237)
11:55 PM:   o666lgjs16o6.dll (ID = 159)
11:55 PM:   9bcc5f81-34b4-4fe1-89bc-1e9502.asq (ID = 116897)
11:55 PM:   o684lglq16qe.dll (ID = 159)
11:55 PM:   o6ro0g93e6.dll (ID = 159)
11:55 PM:   o6rolg9316.dll (ID = 159)
11:56 PM:   camsnap.dll (ID = 65904)
11:56 PM:   Found Adware: nvdialer
11:56 PM:   games.exe (ID = 137596)
11:56 PM:   wmv1920.dbd (ID = 57692)
11:56 PM:   wmv2007.dbd (ID = 57693)
11:56 PM:   ihq.dll (ID = 159)
11:57 PM:   kwdhe.dll (ID = 159)
11:58 PM:   rxsmans.dll (ID = 159)
11:58 PM:   f7e52304-e85c-47b4-960a-5f3141.asq (ID = 53205)
11:58 PM:   kwv2.dat (ID = 63356)
11:59 PM:   irr0l59m1.dll (ID = 159)
11:59 PM:   mgdsrv32.dll (ID = 159)
11:59 PM:   46363592-a020-463e-b011-ccfcce.asq (ID = 116897)
11:59 PM:   feb60e17-234a-40ee-891d-fa220a.asq (ID = 116897)
11:59 PM:   aza4lglq16qe.dll (ID = 65730)
11:59 PM:   jcdw400.dll (ID = 159)
12:00 AM:   pgofmap.dll (ID = 65904)
12:00 AM:   nqdsbcli.dll (ID = 159)
12:00 AM:   gpsieer.dll (ID = 53179)
12:01 AM:   jtn4075qe.dll (ID = 159)
12:01 AM:   prchdprf.dll (ID = 159)
12:02 AM:   irv6mon.dll (ID = 159)
12:02 AM:   k4pm0e71eh.dll (ID = 159)
12:02 AM:   bxellist.dll (ID = 159)
12:03 AM:   uqpnpmgr.dll (ID = 159)
12:03 AM:   e8166481-cce9-4edb-8cbd-06c493.asq (ID = 116897)
12:03 AM:   n46qlej51ho.dll (ID = 159)
12:03 AM:   k2800clmefqa0.dll (ID = 159)
12:03 AM:   elcapi.dll (ID = 159)
12:03 AM:   Found Trojan Horse: 2nd-thought
12:03 AM:   dgi.exe (ID = 48210)
12:05 AM:   l8r00i9me8.dll (ID = 159)
12:05 AM:   muiole16.dll (ID = 65904)
12:05 AM:   3daa44b9-00a3-48a9-a544-b0751f.asq (ID = 116897)
12:08 AM:   jkt.dll (ID = 65904)
12:10 AM:   hdplugin1101.inf (ID = 61480)
12:11 AM:   jt4o07h3e.dll (ID = 159)
12:12 AM:   Found Trojan Horse: trojan-downloader-delf
12:12 AM:   moneyspm.exe (ID = 80426)
12:13 AM:   iosso.dll (ID = 65904)
12:13 AM:   uwdmxfrm.dll (ID = 159)
12:13 AM:   jtl2073oe.dll (ID = 159)
12:13 AM:   njprovau.dll (ID = 65904)
12:15 AM:   wmv0204.ddx (ID = 57686)
12:15 AM:   wmv0504.ddx (ID = 57686)
12:15 AM:   wmv0904.ddx (ID = 57691)
12:15 AM:   wmv0412.ddx (ID = 57686)
12:15 AM:   wmv0106.ddx (ID = 57679)
12:15 AM:   wmv0315.ddx (ID = 57686)
12:16 AM:   setup.inf (ID = 50863)
12:16 AM:   wmv1204.ddx (ID = 57686)
12:16 AM:   deskbar.ini (ID = 64321)
12:16 AM:   wmv1909.ddx (ID = 57691)
12:16 AM:   wmv1125.ddx (ID = 57685)
12:16 AM:   Found System Monitor: potentially rootkit-masked files
12:16 AM:   $sys$cor.sys (ID = 0)
12:16 AM:   $sys$drmserver.exe (ID = 0)
12:16 AM:   $sys$caj.dll (ID = 0)
12:16 AM:   $sys$upgtool.exe (ID = 0)
12:16 AM:   $sys$parking (ID = 0)
12:16 AM:   20050911164137.zip (ID = 57796)
12:17 AM: File Sweep Complete, Elapsed Time: 00:47:37
12:17 AM: Full Sweep has completed.  Elapsed time 01:04:52
12:17 AM: Traces Found: 35040
12:25 AM: Removal process initiated
12:26 AM:   Quarantining All Traces: 180search assistant/zango
12:26 AM:   Quarantining All Traces: 2nd-thought
12:26 AM:   Quarantining All Traces: clkoptimizer
12:27 AM:   clkoptimizer is in use.  It will be removed on reboot.
12:27 AM:     wuauclt.dll is in use.  It will be removed on reboot.
12:27 AM:     C:\WINDOWS\system32\wuauclt.dll is in use.  It will be removed on reboot.
12:27 AM:   Quarantining All Traces: directrevenue-abetterinternet
12:27 AM:   Quarantining All Traces: isearch desktop search
12:27 AM:   Quarantining All Traces: look2me
12:28 AM:   The Spy Communication shield has blocked access to: mm.delfinproject.com
12:28 AM:   The Spy Communication shield has blocked access to: mm.delfinproject.com
12:29 AM:   Quarantining All Traces: potentially rootkit-masked files
12:29 AM:   potentially rootkit-masked files is in use.  It will be removed on reboot.
12:29 AM:     $sys$drmserver.exe is in use.  It will be removed on reboot.
12:29 AM:   Quarantining All Traces: spysheriff
12:29 AM:   Quarantining All Traces: trojan-backdoor-securemulti
12:29 AM:   Quarantining All Traces: trojan-downloader-moneymind
12:29 AM:   Quarantining All Traces: websearch toolbar
12:29 AM:   Quarantining All Traces: wildmedia
12:29 AM:   Quarantining All Traces: delfin
12:29 AM:   delfin is in use.  It will be removed on reboot.
12:29 AM:     picsvr.exe is in use.  It will be removed on reboot.
12:29 AM:   Quarantining All Traces: letsroll911.org hijacker
12:29 AM:   Quarantining All Traces: rasmin
12:29 AM:   Quarantining All Traces: trojan-backdoor-core.psyche-evolution.com
12:29 AM:   Quarantining All Traces: trojan-backdoor-dimenoc
12:29 AM:   Quarantining All Traces: trojan-downloader-asdbiz.biz
12:29 AM:   Quarantining All Traces: trojan-downloader-delf
12:29 AM:   Quarantining All Traces: trojan-downloader-infectedhost
12:29 AM:   Quarantining All Traces: vesbiz downloader
12:29 AM:   Quarantining All Traces: winad
12:29 AM:   Quarantining All Traces: xcp rootkit
12:29 AM:   Quarantining All Traces: 7adpower
12:29 AM:   Quarantining All Traces: aksoft
12:34 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:35 AM: Deletion from quarantine initiated
12:35 AM: Processing: 180search assistant/zango
12:35 AM: Processing: 2nd-thought
12:35 AM: Processing: 7adpower
12:35 AM: Processing: aksoft
12:35 AM: Processing: clkoptimizer
12:35 AM: Processing: delfin
12:35 AM: Processing: directrevenue-abetterinternet
12:35 AM: Processing: isearch desktop search
12:35 AM: Processing: letsroll911.org hijacker
12:35 AM: Processing: look2me
12:35 AM: Processing: potentially rootkit-masked files
12:35 AM: Processing: rasmin
12:35 AM: Processing: spysheriff
12:35 AM: Processing: trojan-backdoor-core.psyche-evolution.com
12:35 AM: Processing: trojan-downloader-asdbiz.biz
12:35 AM: Processing: trojan-downloader-delf
12:35 AM: Processing: trojan-downloader-infectedhost
12:35 AM: Processing: trojan-downloader-moneymind
12:35 AM: Processing: websearch toolbar
12:35 AM: Processing: wildmedia
12:35 AM: Processing: winad
12:35 AM: Processing: xcp rootkit
12:35 AM: Deletion from quarantine completed.  Elapsed time 00:00:01
12:38 AM: Memory Shield: Found: Memory-resident threat trojan-downloader-infectedhost, version 1.0.0.0
12:38 AM: Detected running threat: trojan-downloader-infectedhost
12:38 AM: Ignored memory-resident threat: trojan-downloader-infectedhost
12:43 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:43 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:43 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:43 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:43 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:43 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:51 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:51 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:51 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:51 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:51 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:51 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:59 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:59 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:59 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:59 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:59 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:59 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:07 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:07 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
1:07 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:07 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:07 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
1:07 AM: The Spy Communication shield has bloc

17
Tech Clinic / Spy Sherrif
« on: December 26, 2005, 09:22:14 PM »
Panda
An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again

Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...


Ewido
---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         6:38:05 PM, 12/26/2005
 + Report-Checksum:      65E48DA4

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Replace.HBO -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Replace.HBO\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Replace.HBO\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Replace.HBO.1 -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Desktop\LicenseStores -> Spyware.MidAddle : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
   HKU\S-1-5-21-448539723-920026266-839522115-500\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
   HKU\S-1-5-21-448539723-920026266-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Cleaned with backup
   HKU\S-1-5-21-448539723-920026266-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
   HKU\S-1-5-21-448539723-920026266-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
   HKU\S-1-5-21-448539723-920026266-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
   HKU\S-1-5-21-448539723-920026266-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
   C:\!KillBox\kernels64.exe -> Downloader.Tibs.p : Cleaned with backup
   C:\!KillBox\kypiqq.exe -> Downloader.Qoologic.ba : Cleaned with backup
   C:\!KillBox\qvxgamet4.exe -> Downloader.Small.cap : Cleaned with backup
   C:\!KillBox\services.exe -> Downloader.CWS.r : Cleaned with backup
   C:\!KillBox\vxh8jkdq2.exe -> Hijacker.Spywad.n : Cleaned with backup
   C:\!KillBox\winstall.exe -> Hijacker.Spywad.n : Cleaned with backup
   C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ipoh.exe -> Downloader.Qoologic.ba : Cleaned with backup
   C:\WINDOWS\dhl.sys -> Trojan.Delf.cf : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.10\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.11\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.12\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.13\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.14\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.15\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.16\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.17\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.18\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.19\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.20\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.21\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.22\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.23\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.24\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.25\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.26\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.27\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.4\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.5\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.6\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.7\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.8\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.9\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\rdgUS10.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
   C:\WINDOWS\inet20001\3.00.12.dll -> Spyware.Ihbo : Cleaned with backup
   C:\WINDOWS\inet20001\alg.exe -> Worm.Delf.i : Cleaned with backup
   C:\WINDOWS\inet20001\alg.exe.bak -> Worm.Delf.i : Cleaned with backup
   C:\WINDOWS\inet20001\mm4.exe -> Proxy.Delf.an : Cleaned with backup
   C:\WINDOWS\inet20001\mm4.exe.bak -> Proxy.Delf.an : Cleaned with backup
   C:\WINDOWS\inet20001\winlogon.exe -> Downloader.CWS.r : Cleaned with backup
   C:\WINDOWS\system\svchost.dll -> Downloader.Agent.zi : Cleaned with backup
   C:\WINDOWS\system\svchost.exe -> Dropper.Agent.aax : Cleaned with backup
   C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\aqiossn.dll -> Downloader.Qoologic.ba : Cleaned with backup
   C:\WINDOWS\system32\bre.dll -> Downloader.Small.ajp : Cleaned with backup
   C:\WINDOWS\system32\dhl.sys -> Trojan.Delf.cf : Cleaned with backup
   C:\WINDOWS\system32\lgkeq.dll -> Downloader.Qoologic.ba : Cleaned with backup
   C:\WINDOWS\system32\maxd64.exe -> Trojan.Dialer.ay : Cleaned with backup
   C:\WINDOWS\system32\msbb321.dll -> Spyware.180Solutions : Cleaned with backup
   C:\WINDOWS\system32\msiaih.dll -> Spyware.Ipend : Cleaned with backup
   C:\WINDOWS\system32\msnimk.gif -> Spyware.Ipend : Cleaned with backup
   C:\WINDOWS\system32\mspostsp.exe -> Trojan.Inject.i : Cleaned with backup
   C:\WINDOWS\system32\paradise.raw.exe -> Proxy.Lager.f : Cleaned with backup
   C:\WINDOWS\system32\qvxgamet2.exe -> Downloader.Small.aqu : Cleaned with backup
   C:\WINDOWS\system32\qvxgamet3.exe -> Dropper.Small.wp : Cleaned with backup
   C:\WINDOWS\system32\split1.exe -> Downloader.Small.aux : Cleaned with backup
   C:\WINDOWS\system32\sywsvcs.exe -> Proxy.Lager.f : Cleaned with backup
   C:\WINDOWS\system32\tbirq.exe -> Trojan.Delf.cf : Cleaned with backup
   C:\WINDOWS\system32\trf32.dll -> Downloader.Small.avw : Cleaned with backup
   C:\WINDOWS\system32\twwxn.dll -> Spyware.Adstart : Cleaned with backup
   C:\WINDOWS\system32\vqwag.dat -> Downloader.Qoologic.ba : Cleaned with backup
   C:\WINDOWS\system32\vxgame6.exe -> Downloader.CWS.r : Cleaned with backup
   C:\WINDOWS\system32\vxgamet2.exe -> Downloader.Small.bxc : Cleaned with backup
   C:\WINDOWS\system32\vxgamet3.exe -> Dropper.Agent.abu : Cleaned with backup
   C:\WINDOWS\system32\vxgamet4.exe -> Downloader.Small.bpz : Cleaned with backup
   C:\WINDOWS\system32\vxh8jkdq5.exe -> Downloader.Tibs.p : Cleaned with backup
   C:\WINDOWS\system32\vxh8jkdq6.exe -> Downloader.Small.atl : Cleaned with backup
   C:\WINDOWS\system32\vxh8jkdq7.exe -> Downloader.Tibs.p : Cleaned with backup
   C:\WINDOWS\system32\wo8ux.dll -> Trojan.Delf.cf : Cleaned with backup


::Report End

Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 8:18:35 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\COMMON~1\AOL\113539~1\EE\AOLHOS~1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\AOL\113539~1\EE\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: B-H toolbar - {00b8fd76-519d-4889-95b3-d55dce8f003d} - C:\Program Files\B-H\tbB-H.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135391434\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DB704F3-7900-4C1C-B0FD-4A079AB8748F}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

SmitRem
********
6:50 PM: |       Start of Session, Monday, December 26, 2005       |
6:50 PM: Spy Sweeper started
6:50 PM: Sweep initiated using definitions version 589
6:50 PM: Starting Memory Sweep
6:52 PM: Memory Sweep Complete, Elapsed Time: 00:01:14
6:52 PM: Starting Registry Sweep
6:52 PM:   Found Adware: searchomatic
6:52 PM:   HKLM\software\microsoft\windows\currentversion\run\ || spoolsvv (ID = 141269)
6:52 PM:   Found Adware: troyanov hijacker
6:52 PM:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {0bc9bc01-54d4-4cce-2b7d-955164314cd4} (ID = 359539)
6:52 PM:   Found Trojan Horse: trojan-downloader-silly
6:52 PM:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {203b1c4d9-bc71-8916-38ad-9dea5d213614} (ID = 867140)
6:52 PM:   Found Trojan Horse: trojan-downloader-hebeeaac
6:52 PM:   HKLM\software\microsoft\windows\currentversion\runservices\ || systemtools (ID = 1062017)
6:52 PM:   HKLM\software\microsoft\windows\currentversion\runservices\ || systemtools (ID = 1062378)
6:52 PM:   Found Adware: coolwebsearch (cws)
6:52 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\internet explorer\sites\  (2 subtraces) (ID = 109822)
6:52 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\classes\clsid\{203b1c4d9-bc71-8916-38ad-9dea5d213614}\  (3 subtraces) (ID = 144755)
6:52 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\classes\clsid\{0bc9bc01-54d4-4cce-2b7d-955164314cd4}\  (3 subtraces) (ID = 359538)
6:52 PM:   Found Trojan Horse: trojan-backdoor-satellite
6:52 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\moviemaker\recordsettings\captureset\  (1 subtraces) (ID = 1021450)
6:52 PM:   HKU\S-1-5-18\software\microsoft\moviemaker\recordsettings\captureset\  (1 subtraces) (ID = 1021450)
6:52 PM: Registry Sweep Complete, Elapsed Time:00:00:15
6:52 PM: Starting Cookie Sweep
6:52 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:52 PM: Starting File Sweep
7:02 PM:   Found Adware: nvdialer
7:02 PM:   games.exe (ID = 137596)
7:03 PM:   Found Adware: dealhelper
7:03 PM:   aimvffk2.xml (ID = 57648)
7:03 PM:   aimvffk1.xml (ID = 57647)
7:06 PM:   Found Adware: ieplugin
7:06 PM:   kwv2.dat (ID = 63356)
7:09 PM:   Found Adware: gain - common components
7:09 PM:   hdplugin1101.inf (ID = 61480)
7:12 PM:   bre32.dll (ID = 199801)
7:12 PM:   Found Adware: allstar search hijacker
7:12 PM:   mscnf.dll (ID = 107173)
7:12 PM:   Found Adware: exact cashback/bargain buddy
7:12 PM:   setup.inf (ID = 50863)
7:13 PM: File Sweep Complete, Elapsed Time: 00:20:42
7:13 PM: Full Sweep has completed.  Elapsed time 00:22:20
7:13 PM: Traces Found: 28
7:26 PM: Removal process initiated
7:26 PM:   Quarantining All Traces: trojan-backdoor-satellite
7:26 PM:   Quarantining All Traces: trojan-downloader-hebeeaac
7:26 PM:   Quarantining All Traces: coolwebsearch (cws)
7:26 PM:   Quarantining All Traces: searchomatic
7:26 PM:   Quarantining All Traces: trojan-downloader-silly
7:26 PM:   Quarantining All Traces: allstar search hijacker
7:26 PM:   Quarantining All Traces: dealhelper
7:26 PM:   Quarantining All Traces: exact cashback/bargain buddy
7:26 PM:   Quarantining All Traces: ieplugin
7:26 PM:   Quarantining All Traces: nvdialer
7:26 PM:   Quarantining All Traces: troyanov hijacker
7:26 PM:   Quarantining All Traces: gain - common components
7:26 PM: Removal process completed.  Elapsed time 00:00:21
********
11:13 PM: |       Start of Session, Wednesday, December 21, 2005       |
11:13 PM: Spy Sweeper started
11:13 PM: Sweep initiated using definitions version 586
11:13 PM: Starting Memory Sweep
11:16 PM: Memory Sweep Complete, Elapsed Time: 00:02:56
11:16 PM: Starting Registry Sweep
11:17 PM: Registry Sweep Complete, Elapsed Time:00:00:35
11:17 PM: Starting Cookie Sweep
11:17 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:17 PM: Starting File Sweep
11:33 PM:   Found Adware: dealhelper
11:33 PM:   aimvffk2.xml (ID = 57648)
11:33 PM:   aimvffk1.xml (ID = 57647)
11:37 PM:   Found Adware: nvdialer
11:37 PM:   games.exe (ID = 137596)
11:38 PM:   Sweep Canceled
8:46 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-core.psyche-evolution.com, version 1.0.0.0 -- Execution Denied
8:46 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
8:46 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
8:46 PM: Spy Installation Shield:  found: Trojan Horse: trojan-downloader-asdbiz.biz, version 1.0.0.0 -- Execution Denied
8:46 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-haxdoor, version 1.0.0.0 -- Execution Denied
9:07 PM: Spy Installation Shield:  found: Trojan Horse: trojan-downloader-asdbiz.biz, version 1.0.0.0 -- Execution Denied
9:07 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-core.psyche-evolution.com, version 1.0.0.0 -- Execution Denied
9:07 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-haxdoor, version 1.0.0.0 -- Execution Denied
9:21 PM: BHO Shield:  found: -- BHO installation allowed at user request
10:28 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-core.psyche-evolution.com, version 1.0.0.0 -- Execution Denied
10:28 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-haxdoor, version 1.0.0.0 -- Execution Denied
10:28 PM: Spy Installation Shield:  found: Trojan Horse: trojan-downloader-asdbiz.biz, version 1.0.0.0 -- Execution Denied
11:02 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-core.psyche-evolution.com, version 1.0.0.0 -- Execution Denied
11:02 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-haxdoor, version 1.0.0.0 -- Execution Denied
11:02 PM: Spy Installation Shield:  found: Trojan Horse: trojan-downloader-asdbiz.biz, version 1.0.0.0 -- Execution Denied
11:16 PM: Spy Installation Shield:  found: Trojan Horse: trojan-downloader-asdbiz.biz, version 1.0.0.0 -- Execution Denied
11:16 PM: The Spy Communication shield has blocked access to: musah.info
11:16 PM: The Spy Communication shield has blocked access to: musah.info
11:19 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-core.psyche-evolution.com, version 1.0.0.0 -- Execution Denied
11:19 PM: Spy Installation Shield:  found: Trojan Horse: trojan-backdoor-haxdoor, version 1.0.0.0 -- Execution Denied
11:38 PM: The Spy Communication shield has blocked access to: evko.biz
11:38 PM: The Spy Communication shield has blocked access to: evko.biz
11:39 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:39 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:39 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:39 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:39 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:39 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:40 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:40 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:40 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:40 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:43 PM: The Spy Communication shield has blocked access to: evko.biz
11:43 PM: The Spy Communication shield has blocked access to: evko.biz
11:43 PM: The Spy Communication shield has blocked access to: evko.biz
11:43 PM: The Spy Communication shield has blocked access to: evko.biz
11:44 PM: The Spy Communication shield has blocked access to: evko.biz
11:44 PM: The Spy Communication shield has blocked access to: evko.biz
11:46 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:46 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:46 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:46 PM: The Spy Communication shield has blocked access to: stech.web-nexus.net
11:48 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:48 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:48 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:48 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:49 PM: The Spy Communication shield has blocked access to: evko.biz
11:49 PM: The Spy Communication shield has blocked access to: evko.biz
11:49 PM: The Spy Communication shield has blocked access to: evko.biz
11:49 PM: The Spy Communication shield has blocked access to: evko.biz
11:49 PM: The Spy Communication shield has blocked access to: evko.biz
11:49 PM: The Spy Communication shield has blocked access to: evko.biz
11:49 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:49 PM: The Spy Communication shield has blocked access to: 5sec.biz
11:49 PM: The Spy Communication shield has

18
Tech Clinic / Spy Sheriff
« on: December 26, 2005, 12:28:06 AM »
:)

19
Tech Clinic / Spy Sheriff
« on: December 24, 2005, 12:19:42 AM »
Thanks for your help, and sorry it took so long.

Here are my L2mfix results:

L2mfix Beta 121605
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.

Checking for L2MFix account(0=no 1=yes):
1
 Granting SeDebugPrivilege to L2MFIX   ... successful
Checking for L2MFix account(0=no 1=yes):
0
   zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
updating: backregs/notibac.reg (140 bytes security) (deflated 88%)





Here are the hijackthis results

Logfile of HijackThis v1.99.1
Scan saved at 11:14:20 PM, on 12/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\inet20001\services.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\kernels64.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\batserv2.exe
C:\winstall.exe
C:\WINDOWS\system32\sywsvcs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\vxh8jkdq2.exe
C:\WINDOWS\system32\vxh8jkdq6.exe
C:\WINDOWS\system32\vxh8jkdq7.exe
C:\WINDOWS\system32\maxd64.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: B-H toolbar - {00b8fd76-519d-4889-95b3-d55dce8f003d} - C:\Program Files\B-H\tbB-H.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kypiqq.exe reg_run
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135391434\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [BatSrv] C:\WINDOWS\batserv2.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: 213.159.117.133 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9AC81071-4B2C-48DF-A245-C131DD64B7D2} (MachineCheck Class) -
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://192.168.22.5/webinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFI.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\rsvpmsg927a.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\kt6sl7j71.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\iuss.dll (file missing)
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

20
Tech Clinic / Spy Sheriff
« on: December 16, 2005, 01:38:49 AM »
Logfile of HijackThis v1.99.1
Scan saved at 12:36:49 AM, on 12/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\winstall.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\kernels64.exe
C:\WINDOWS\system32\vxh8jkdq2.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\qvxgamet4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: B-H toolbar - {00b8fd76-519d-4889-95b3-d55dce8f003d} - C:\Program Files\B-H\tbB-H.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kypiqq.exe reg_run
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: 213.159.117.133 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9AC81071-4B2C-48DF-A245-C131DD64B7D2} (MachineCheck Class) -
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://192.168.22.5/webinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFI.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\rsvpmsg927a.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\kt6sl7j71.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\iuss.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE





********
11:12 PM: |       Start of Session, Thursday, December 15, 2005       |
11:12 PM: Spy Sweeper started
11:12 PM: Sweep initiated using definitions version 586
11:12 PM: Starting Memory Sweep
11:15 PM:   Found Adware: clkoptimizer
11:15 PM:   Detected running threat: C:\WINDOWS\system32\wuauclt.dll (ID = 143665)
11:16 PM:   Found Adware: delfin
11:16 PM:   Detected running threat: C:\WINDOWS\system32\picsvr\picsvr.exe (ID = 57768)
11:16 PM:   HKLM\Software\Microsoft\Windows\CurrentVersion\Run || picsvr (ID = 0)
11:28 PM: Memory Sweep Complete, Elapsed Time: 00:15:57
11:28 PM: Starting Registry Sweep
11:28 PM:   Found Adware: 7adpower
11:28 PM:   HKLM\software\classes\interface\{12e919bc-c70f-432b-b831-1180de734505}\  (8 subtraces) (ID = 102195)
11:28 PM:   Found Adware: aksoft
11:28 PM:   HKLM\software\aksoft\.support\  (10 subtraces) (ID = 103365)
11:28 PM:   HKLM\software\aksoft\.target\  (80 subtraces) (ID = 103366)
11:28 PM:   HKCR\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\  (6 subtraces) (ID = 105953)
11:28 PM:   HKCR\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\  (1 subtraces) (ID = 106021)
11:28 PM:   HKLM\software\classes\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\  (6 subtraces) (ID = 106049)
11:28 PM:   HKLM\software\classes\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\  (1 subtraces) (ID = 106116)
11:28 PM:   HKLM\software\microsoft\windows\currentversion\run\ || picsvr (ID = 124872)
11:28 PM:   HKLM\software\mvu\  (6 subtraces) (ID = 124885)
11:28 PM:   HKLM\software\nsvcin\ (ID = 124886)
11:28 PM:   HKLM\software\picsvr\  (2 subtraces) (ID = 124891)
11:28 PM:   Found Adware: ezula ilookup
11:28 PM:   HKCR\appid\atlbrowser.exe\  (1 subtraces) (ID = 126121)
11:28 PM:   HKCR\atlbrcon.atlbrcon\  (3 subtraces) (ID = 126127)
11:28 PM:   HKLM\software\classes\appid\atlbrowser.exe\  (1 subtraces) (ID = 126207)
11:28 PM:   HKLM\software\classes\atlbrcon.atlbrcon.1\  (3 subtraces) (ID = 126213)
11:28 PM:   HKLM\software\classes\atlbrcon.atlbrcon\  (3 subtraces) (ID = 126214)
11:28 PM:   Found Adware: ieplugin
11:28 PM:   HKLM\software\microsoft\internet explorer\toolbar\ || {2cde1a7d-a478-4291-bf31-e1b4c16f92eb} (ID = 128178)
11:29 PM:   Found Adware: look2me
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || tsvcin (ID = 129953)
11:29 PM:   HKLM\software\tsvcin\  (2 subtraces) (ID = 129976)
11:29 PM:   HKLM\software\tsvcin\ || a (ID = 129977)
11:29 PM:   Found Trojan Horse: rasmin
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || windowsupdate (ID = 144085)
11:29 PM:   Found Trojan Horse: trojan-backdoor-dimenoc
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || windowsupdate (ID = 144085)
11:29 PM:   Found Trojan Horse: vesbiz downloader
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || system (ID = 145542)
11:29 PM:   Found Adware: directrevenue-abetterinternet
11:29 PM:   HKCR\interface\{c08175c6-b2b2-47fc-af1a-32f77a6cb673}\  (8 subtraces) (ID = 145809)
11:29 PM:   HKLM\software\classes\interface\{c08175c6-b2b2-47fc-af1a-32f77a6cb673}\  (8 subtraces) (ID = 145886)
11:29 PM:   HKLM\software\microsoft\windows\currentversion\uninstall\{000fa346-d004-45e1-bc4c-9408d6cd4128}\  (1 subtraces) (ID = 146124)
11:29 PM:   Found Adware: websearch toolbar
11:29 PM:   HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\  (8 subtraces) (ID = 146518)
11:29 PM:   Found Adware: winad
11:29 PM:   HKCR\mediagatewayx.installer\  (3 subtraces) (ID = 372857)
11:29 PM:   HKCR\mediagatewayx.installer\clsid\  (1 subtraces) (ID = 372859)
11:29 PM:   Found Adware: virtualbouncer
11:29 PM:   HKCR\clsid\{8551311d-f3bf-4718-ad66-96e302500735}\  (11 subtraces) (ID = 392235)
11:29 PM:   HKLM\software\classes\clsid\{18bbdf4d-611d-41ce-a7e7-b2dd23c250d1}\  (11 subtraces) (ID = 392390)
11:29 PM:   HKLM\software\classes\mediagatewayx.installer\  (3 subtraces) (ID = 398902)
11:29 PM:   HKLM\software\classes\mediagatewayx.installer\clsid\  (1 subtraces) (ID = 398904)
11:29 PM:   HKLM\software\classes\clsid\{8551311d-f3bf-4718-ad66-96e302500735}\  (11 subtraces) (ID = 476604)
11:29 PM:   Found Adware: letsroll911.org hijacker
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || system (ID = 594251)
11:29 PM:   HKLM\software\microsoft\windows\currentversion\run\ || winsync (ID = 601545)
11:29 PM:   Found Adware: dealhelper
11:29 PM:   HKLM\software\ddate\  (1 subtraces) (ID = 636618)
11:29 PM:   HKLM\software\aksoft\  (34293 subtraces) (ID = 639132)
11:29 PM:   Found Adware: clientman
11:29 PM:   HKCR\appid\urlcli.dll\  (1 subtraces) (ID = 701476)
11:29 PM:   HKCR\typelib\{026e4b83-1bf7-41cb-8233-4af35341bc69}\  (9 subtraces) (ID = 701480)
11:29 PM:   HKLM\software\classes\appid\urlcli.dll\  (1 subtraces) (ID = 701492)
11:29 PM:   HKLM\software\classes\typelib\{026e4b83-1bf7-41cb-8233-4af35341bc69}\  (9 subtraces) (ID = 701496)
11:29 PM:   HKLM\software\microsoft\internet explorer\extensions\{9e248641-0e24-4ddb-9a1f-705087832ad6}\  (2 subtraces) (ID = 753449)
11:29 PM:   HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\  (2 subtraces) (ID = 763026)
11:29 PM:   HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
11:29 PM:   HKCR\searchrep.searchreppp\  (5 subtraces) (ID = 770179)
11:29 PM:   HKCR\searchrep.searchreppp.1\  (3 subtraces) (ID = 770185)
11:29 PM:   HKCR\typelib\{8dbd1ce8-2720-4774-8cc6-32737958ac4b}\  (9 subtraces) (ID = 770203)
11:29 PM:   HKLM\software\classes\searchrep.searchreppp\  (5 subtraces) (ID = 770217)
11:29 PM:   HKLM\software\classes\searchrep.searchreppp.1\  (3 subtraces) (ID = 770223)
11:29 PM:   HKLM\software\classes\typelib\{8dbd1ce8-2720-4774-8cc6-32737958ac4b}\  (9 subtraces) (ID = 770241)
11:29 PM:   HKCR\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\  (8 subtraces) (ID = 815132)
11:29 PM:   HKLM\software\classes\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\  (8 subtraces) (ID = 815145)
11:29 PM:   Found Trojan Horse: xcp rootkit
11:29 PM:   HKLM\system\currentcontrolset\services\$sys$aries\  (11 subtraces) (ID = 976072)
11:29 PM:   Found Adware: cws sp.html hijack
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\internet explorer\search\ || searchassistant_bak (ID = 123751)
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\mvu\  (5 subtraces) (ID = 124884)
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\picsvr\  (1 subtraces) (ID = 124890)
11:29 PM:   Found Adware: effective-i toolbar
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\internet explorer\toolbar\webbrowser\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125668)
11:29 PM:   Found Adware: spysheriff
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 142127)
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\ahexe\  (30 subtraces) (ID = 145821)
11:29 PM:   Found Trojan Horse: trojan-backdoor-securemulti
11:29 PM:   HKU\S-1-5-21-448539723-920026266-839522115-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 484139)
11:29 PM:   Found Adware: navexcel navhelper
11:29 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {5aa06644-bc46-4220-a460-47a6eb47c96d} (ID = 135541)
11:29 PM:   HKU\S-1-5-18\software\navexcel ltd\  (9 subtraces) (ID = 135548)
11:29 PM:   Found Adware: twain-tech
11:29 PM:   HKU\S-1-5-18\software\mxtarget\  (5 subtraces) (ID = 145343)
11:29 PM: Registry Sweep Complete, Elapsed Time:00:01:08
11:29 PM: Starting Cookie Sweep
11:29 PM:   Found Spy Cookie: go.com cookie
11:29 PM:   [email protected][2].txt (ID = 2729)
11:29 PM:   Found Spy Cookie: yieldmanager cookie
11:29 PM:   [email protected][2].txt (ID = 3751)
11:29 PM:   Found Spy Cookie: adknowledge cookie
11:29 PM:   administrator@adknowledge[2].txt (ID = 2072)
11:29 PM:   Found Spy Cookie: hbmediapro cookie
11:29 PM:   [email protected][2].txt (ID = 2768)
11:29 PM:   Found Spy Cookie: specificclick.com cookie
11:29 PM:   [email protected][2].txt (ID = 3400)
11:29 PM:   Found Spy Cookie: belointeractive cookie
11:29 PM:   [email protected][1].txt (ID = 2295)
11:29 PM:   Found Spy Cookie: pointroll cookie
11:29 PM:   [email protected][2].txt (ID = 3148)
11:29 PM:   administrator@belointeractive[1].txt (ID = 2294)
11:29 PM:   Found Spy Cookie: zedo cookie
11:29 PM:   [email protected][1].txt (ID = 3763)
11:29 PM:   Found Spy Cookie: exitexchange cookie
11:29 PM:   administrator@exitexchange[1].txt (ID = 2633)
11:29 PM:   administrator@go[1].txt (ID = 2728)
11:29 PM:   Found Spy Cookie: clickandtrack cookie
11:29 PM:   [email protected][2].txt (ID = 2397)
11:29 PM:   Found Spy Cookie: questionmarket cookie
11:29 PM:   administrator@questionmarket[1].txt (ID = 3217)
11:29 PM:   Found Spy Cookie: serving-sys cookie
11:29 PM:   administrator@serving-sys[2].txt (ID = 3343)
11:29 PM:   Found Spy Cookie: statcounter cookie
11:29 PM:   administrator@statcounter[1].txt (ID = 3447)
11:29 PM:   Found Spy Cookie: trafficmp cookie
11:29 PM:   administrator@trafficmp[1].txt (ID = 3581)
11:29 PM:   Found Spy Cookie: tribalfusion cookie
11:29 PM:   administrator@tribalfusion[1].txt (ID = 3589)
11:29 PM:   Found Spy Cookie: adserver cookie
11:29 PM:   [email protected][1].txt (ID = 2142)
11:29 PM:   administrator@zedo[1].txt (ID = 3762)
11:29 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
11:29 PM: Starting File Sweep
11:29 PM:   c:\program files\spysheriff (2 subtraces) (ID = -2147476679)
11:29 PM:   c:\windows\inst (ID = -2147480086)
11:29 PM:   c:\documents and settings\all users\application data\picsvr (2 subtraces) (ID = -2147481134)
11:29 PM:   c:\documents and settings\all users\application data\wsxs (1 subtraces) (ID = -2147481131)
11:29 PM:   c:\windows\system32\nsvsvc (2 subtraces) (ID = -2147481119)
11:29 PM:   c:\documents and settings\all users\application data\nsv (18 subtraces) (ID = -2147481136)
11:29 PM:   c:\windows\system32\picsvr (1 subtraces) (ID = -2147481118)
11:30 PM:   655c4132-8b7d-42e1-bbbf-d2a792 (ID = 53202)
11:30 PM:   15c170b3-efd2-45cd-b42a-e00978 (ID = 53202)
11:30 PM:   Found Adware: e2g
11:30 PM:   ei51.exe (ID = 59384)
11:30 PM:   ds3.dll (ID = 65767)
11:31 PM:   731cff7b-cee2-4499-ad6d-ee78bc (ID = 53184)
11:32 PM:   Found Trojan Horse: trojan-downloader-moneymind
11:32 PM:   moneyspj.exe (ID = 80826)
11:32 PM:   bc39ba07-5de8-4ffb-973c-0b8b72 (ID = 53202)
11:33 PM:   31e6e23d-adfc-4e9c-89b5-88d989.asq (ID = 116897)
11:33 PM:   Found Adware: shopathomeselect
11:33 PM:   shagentnew.dll (ID = 75942)
11:33 PM:   35cf20f8-a4fb-44f7-a144-3d0555.asq (ID = 53205)
11:34 PM:   Found Adware: exact cashback/bargain buddy
11:34 PM:   installer_mediawhiz8.exe (ID = 50696)
11:34 PM:   l26olcj31fo.dll (ID = 159)
11:34 PM:   0e3486fb-498b-4ef1-9e90-48684f.asq (ID = 116897)
11:34 PM:   85709154-ff64-48ca-99e5-d8b894.asq (ID = 53205)
11:34 PM:   n0l8la3u1d.dll (ID = 159)
11:35 PM:   hkactivex.dll (ID = 159)
11:35 PM:   rivpperf.dll (ID = 159)
11:35 PM:   f4aced25-39a3-4467-8548-87ceb6.asq (ID = 120384)
11:35 PM:   n4l8le3u1h.dll (ID = 159)
11:36 PM:   lvpm0971e.dll (ID = 159)
11:36 PM:   5f83d443-a077-4995-b519-d01e60.asq (ID = 120384)
11:36 PM:   cktdll.dll (ID = 159)
11:36 PM:   wadmps.dll (ID = 159)
11:36 PM:   nykuff.execommon startup (ID = 53184)
11:36 PM:   37c2b1d0-38c9-43f6-a168-670190.asq (ID = 120384)
11:36 PM:   mdapsspc.dll (ID = 159)
11:36 PM:   downloader.exe (ID = 164938)
11:36 PM:   1ad34ac3-420a-49dc-b80d-a2071d.asq (ID = 116897)
11:36 PM:   afd7b4f4-f740-4c82-a260-ce0922.asq (ID = 120384)
11:36 PM:   97daa5f1-bc2d-4df9-97eb-6bf71e.asq (ID = 120384)
11:36 PM:   6f44139c-9a99-4447-9c37-3bd06e.asq (ID = 53205)
11:36 PM:   ijfxpph.dll (ID = 159)
11:36 PM:   mftrig.dll (ID = 159)
11:36 PM:   n26q0cj5efo.dll (ID = 159)
11:36 PM:   f8da9bf6-2798-4ceb-b8d7-202396 (ID = 53202)
11:36 PM:   7a7eb7b3-bf4f-482c-b31b-ffbef2.asq (ID = 120384)
11:36 PM:   71cb85e5-4266-4572-95e1-2de3e7.asq (ID = 116897)
11:36 PM:   dc28ad81-8736-459a-8fc0-ca3ad3.asq (ID = 120384)
11:36 PM:   0feebe07-0642-45a2-849c-65240d.asq (ID = 116897)
11:36 PM:   d6e73193-608d-40c8-b383-c0bda7.asq (ID = 116897)
11:36 PM:   78896054-1fac-44ec-b1d1-f20b45.asq (ID = 120384)
11:36 PM:   62de0de2-ea94-46ca-b7e2-e0da6c.asq (ID = 53205)
11:37 PM:   iiign32.dll (ID = 159)
11:37 PM:   mwcans32.dll (ID = 65904)
11:37 PM:   1db068e1-0139-44e1-bcd9-2ffb12.asq (ID = 120384)
11:37 PM:   wdadmod.dll (ID = 159)
11:37 PM:   39de90a8-a03f-4693-a6f1-486374.asq (ID = 120384)
11:37 PM:   8b14b74f-92a7-4ef5-9e9c-ecef7d.asq (ID = 120384)
11:37 PM:   m082lalo1dqc.dll (ID = 159)
11:37 PM:   nvdeapi.dll (ID = 159)
11:37 PM:   certc.dll (ID = 159)
11:37 PM:   mvpol9731.dll (ID = 159)
11:37 PM:   6227a65c-8051-4289-a658-4cbeef.asq (ID = 120384)
11:37 PM:   iconu.exe (ID = 65721)
11:37 PM:   7e08e58e-6ad5-4475-89b5-c693ba.asq (ID = 120384)
11:37 PM:   8f5c433e-63a7-49f2-8f48-1b8361.asq (ID = 53205)
11:37 PM:   6d038d48-4fa5-40d0-a71e-c56b6e.asq (ID = 116897)
11:37 PM:   aimvffk.xml (ID = 57646)
11:37 PM:   hefci004.dll (ID = 65904)
11:38 PM:   b65c6a83-9fbd-4efe-9c15-f38711.asq (ID = 53205)
11:38 PM:   8e82c065-1951-4c53-9245-1e080a.asq (ID = 116897)
11:38 PM:   78257d6c-9e64-4488-a221-53ba8e.asq (ID = 53205)
11:38 PM:   en4sl1h71.dll (ID = 159)
11:38 PM:   ktlul7391.dll (ID = 159)
11:38 PM:   r86u0ij9e8o.dll (ID = 159)
11:38 PM:   80291133-d7c6-41e9-acf2-177260.asq (ID = 53205)
11:38 PM:   n8n60i5se8.dll (ID = 159)
11:38 PM:   cpmrepl.dll (ID = 159)
11:38 PM:   02e6bfda-1832-465d-9c0d-b1a9f7.asq (ID = 120384)
11:38 PM:   Found Adware: gain - common components
11:38 PM:   hdplugin1101.dll (ID = 61477)
11:39 PM:   k4lq0e35eh.dll (ID = 159)
11:39 PM:   d3aa59c8-7620-4a47-ac19-651c52.asq (ID = 53205)
11:39 PM:   vgactl.cpl (ID = 143664)
11:39 PM:   e2024ec4-4e1e-40bf-a85c-b16ade.asq (ID = 53205)
11:39 PM:   BHO Shield:  found: -- BHO installation allowed at user request
11:39 PM:   c6002gdmg60a2.dll (ID = 159)
11:39 PM:   l88m0il1e8q.dll (ID = 159)
11:40 PM:   0b97a2ff-09d5-4e9e-b5a0-13b482.asq (ID = 116897)
11:40 PM:   c7912df4-17ea-493e-86db-447219 (ID = 53202)
11:40 PM:   Found Trojan Horse: trojan-downloader-infectedhost
11:40 PM:   svchost.dll (ID = 201334)
11:40 PM:   maiseq.dll (ID = 159)
11:41 PM:   hrns0557e.dll (ID = 159)
11:41 PM:   wknfax.dll (ID = 65904)
11:41 PM:   lvls0937e.dll (ID = 159)
11:41 PM:   702d8767-b3a0-45f1-966b-311991.asq (ID = 53205)
11:41 PM:   mvp8l97u1.dll (ID = 159)
11:41 PM:   q8nuli5918.dll (ID = 159)
11:41 PM:   25ccf445-aa76-41dd-8483-fd07e7.asq (ID = 116897)
11:41 PM:   a3db4b29-781e-44b8-b62b-31d9da (ID = 53202)
11:41 PM:   wnhnetbs.dll (ID = 159)
11:42 PM:   en66l1js1.dll (ID = 159)
11:42 PM:   hdplugin1101.dll (ID = 61477)
11:42 PM:   c2000cdmef0a0.dll (ID = 159)
11:42 PM:   5db4cee8-06c7-4111-ad17-e7ec72.asq (ID = 53134)
11:42 PM:   3ef150a0-4cfb-4073-8189-d7e9e4.asq (ID = 53205)
11:42 PM:   hdplugin1101.inf (ID = 61480)
11:42 PM:   2ffa856a-8a3e-49bc-a1b7-e364ab.asq (ID = 116897)
11:42 PM:   jt4807hue.dll (ID = 159)
11:42 PM:   Found Adware: 180search assistant/zango
11:42 PM:   sain_kyf.dat (ID = 70616)
11:42 PM:   sainau.dat (ID = 70615)
11:42 PM:   Found Trojan Horse: trojan-backdoor-core.psyche-evolution.com
11:42 PM:   vxt2.game (ID = 197844)
11:42 PM:   k0260afsed260.dll (ID = 159)
11:42 PM:   gprml3911.dll (ID = 159)
11:42 PM:   j8l4li3q18.dll (ID = 159)
11:43 PM:   l8j8li1u18.dll (ID = 159)
11:43 PM:   h40qled51h0.dll (ID = 159)
11:43 PM:   hrr8059ue.dll (ID = 159)
11:43 PM:   mdl_hp.dll (ID = 159)
11:43 PM:   mgutil.dll (ID = 65904)
11:44 PM:   uxdmxfrm.dll (ID = 159)
11:44 PM:   Found Adware: wildmedia
11:44 PM:   standard.exe (ID = 88774)
11:44 PM:   l0l6la3s1d.dll (ID = 159)
11:44 PM:   k4pmle711h.dll (ID = 159)
11:45 PM:   ksdmac.dll (ID = 159)
11:45 PM:   1449cb15-7b22-4e23-bcff-1ff4ae.asq (ID = 116897)
11:45 PM:   iifxress.dll (ID = 159)
11:46 PM:   a6d6ca4a-182d-40a1-a531-114bf3 (ID = 53202)
11:46 PM:   kodes.dll (ID = 65904)
11:46 PM:   desktop.html (ID = 178574)
11:46 PM:   Found Adware: isearch desktop search
11:46 PM:   d62c81b6-a7d5-4667-a689-bc9585 (ID = 64334)
11:47 PM:   hdplugin1019.inf (ID = 61473)
11:47 PM:   hdplugin1101.inf (ID = 61480)
11:47 PM:   vxgamet2.exe (ID = 197844)
11:47 PM:   Found Trojan Horse: trojan-downloader-asdbiz.biz
11:47 PM:   qvxgamet2.exe (ID = 80237)
11:47 PM:   vxgame6.exe (ID = 80237)
11:47 PM:   svchost.exe (ID = 203593)
11:47 PM:   wuauclt.dll (ID = 143665)
11:47 PM:   98491621-2257-4896-888f-bc5e76 (ID = 143665)
11:47 PM:   02709b22-b3e3-4e1e-a9a8-ec2c1c (ID = 143665)
11:47 PM:   sstray.exe (ID = 203593)
11:47 PM:   b02f321b-1261-4a76-af1f-1cf114 (ID = 143665)
11:47 PM:   bd24d720-8ad3-4549-ae61-e79193 (ID = 53202)
11:47 PM:   picsvr.exe (ID = 57768)
11:47 PM:   HKLM\Software\Microsoft\Windows\CurrentVersion\Run || picsvr (ID = 0)
11:47 PM:   825f7002-68f6-4d5d-a3b3-6e234c (ID = 143665)
11:47 PM:   uninstall.exe (ID = 198832)
11:47 PM:   b998b4c0-b3b8-41a7-83f5-e86902 (ID = 53202)
11:47 PM:   2d67b064-bd98-46f5-b871-9d257e (ID = 143665)
11:48 PM:   3ab15aa8-846e-4d18-9be6-336bee.asq (ID = 53205)
11:48 PM:   80afb4ec-a2b0-4239-ae7a-ab0c5a (ID = 143665)
11:48 PM:   511f5974-e921-45d2-a790-d917e8 (ID = 143665)
11:48 PM:   bf3dd05d-684e-43bc-b282-6bd453 (ID = 53202)
11:48 PM:   en20l1fm1.dll (ID = 159)
11:48 PM:   irox.exe (ID = 70642)
11:48 PM:   fppu0379e.dll (ID = 159)
11:48 PM:   jt8u07l9e.dll (ID = 159)
11:48 PM:   mmperf.dll (ID = 159)
11:48 PM:   f00o0ad3ed0.dll (ID = 159)
11:49 PM:   ksdcr.dll (ID = 159)
11:49 PM:   cgpbk32.dll (ID = 65904)
11:49 PM:   mfvcirt.dll (ID = 65904)
11:49 PM:   i2lolc331f.dll (ID = 159)
11:49 PM:   mvrql9951.dll (ID = 159)
11:49 PM:   mycsubs.dll (ID = 159)
11:49 PM:   Found Adware: couponage
11:49 PM:   casync.dll (ID = 54700)
11:49 PM:   slnsapi.dll (ID = 159)
11:49 PM:   cacore.dll (ID = 54694)
11:49 PM:   f0ab681d-3eb9-422d-adb1-fa2391.asq (ID = 116897)
11:49 PM:   f6l0lg3m16.dll (ID = 159)
11:49 PM:   175fd306-019c-4ddf-97a4-f93cd7 (ID = 120129)
11:49 PM:   ir2ul5f91.dll (ID = 159)
11:49 PM:   aza6l1js1.dll (ID = 159)
11:49 PM:   9590c27d-dd15-4df9-a141-d72f81 (ID = 120129)
11:50 PM:   i6600gjme6oa0.dll (ID = 159)
11:50 PM:   akrules.dll (ID = 49674)
11:50 PM:   oabccp32.dll (ID = 159)
11:50 PM:   abicap.dll (ID = 65904)
11:50 PM:   wmv1215.dbd (ID = 57687)
11:50 PM:   carules.dll (ID = 54699)
11:50 PM:   iyssdo.dll (ID = 65904)
11:51 PM:   akupd.dll (ID = 49673)
11:51 PM:   akcore.dll (ID = 49676)
11:51 PM:   c95e3617-fc77-4e24-a8a4-ca5866 (ID = 53193)
11:51 PM:   mgjava.dll (ID = 65904)
11:51 PM:   ibmp.dll (ID = 65904)
11:51 PM:   aza8lg9u16.dll (ID = 159)
11:51 PM:   soc.dll (ID = 159)
11:51 PM:   almlib.dll (ID = 65904)
11:51 PM:   otbccu32.dll (ID = 65904)
11:51 PM:   mqimtf.dll (ID = 65904)
11:51 PM:   h20qlcd51f0.dll (ID = 159)
11:51 PM:   modimap.dll (ID = 65904)
11:51 PM:   moawt.dll (ID = 65904)
11:51 PM:   kfdmaori.dll (ID = 65904)
11:51 PM:   aotodisc.dll (ID = 159)
11:51 PM:   kldit142.dll (ID = 159)
11:51 PM:   m482lelo1hqc.dll (ID = 159)
11:51 PM:   aimvffk2.xml (ID = 57648)
11:52 PM:   jqsh400.dll (ID = 159)
11:52 PM:   fhsrch.dll (ID = 159)
11:52 PM:   aimvffk1.xml (ID = 57647)
11:52 PM:   gp46l3hs1.dll (ID = 159)
11:52 PM:   se2evnt1.dll (ID = 159)
11:52 PM:   fp0q03d5e.dll (ID = 159)
11:52 PM:   fp4403hqe.dll (ID = 159)
11:52 PM:   fpr2039oe.dll (ID = 159)
11:52 PM:   pprfproc.dll (ID = 159)
11:52 PM:   l42slef71h2.dll (ID = 159)
11:52 PM:   i8jq0i15e8.dll (ID = 159)
11:53 PM:   dddim700.dll (ID = 159)
11:53 PM:   g4jo0e13eh.dll (ID = 159)
11:53 PM:   g8joli1318.dll (ID = 159)
11:53 PM:   dnlcdf32.dll (ID = 159)
11:53 PM:   ac9a9236-8df6-4925-9eea-83eb9d.asq (ID = 53205)
11:53 PM:   doconfig.dll (ID = 159)
11:53 PM:   8a9b4acc-651c-4d74-a337-874d4f.asq (ID = 116897)
11:53 PM:   dvlix.dll (ID = 159)
11:53 PM:   dhmsadsn.dll (ID = 159)
11:53 PM:   e0202afmgd2a2.dll (ID = 159)
11:53 PM:   en4ml1h11.dll (ID = 65730)
11:53 PM:   patchme.exe (ID = 57767)
11:53 PM:   mldsrv32.dll (ID = 65730)
11:54 PM:   mqoert2.dll (ID = 159)
11:54 PM:   cidial32.dll (ID = 159)
11:54 PM:   nsvs.dll (ID = 57751)
11:54 PM:   mqrddm.dll (ID = 159)
11:54 PM:   mrdemui.dll (ID = 159)
11:54 PM:   mnidntld.dll (ID = 65730)
11:54 PM:   13ab9051-b05e-4015-890e-7e739b.asq (ID = 53134)
11:54 PM:   jisd400.dll (ID = 65904)
11:54 PM:   iewphbk.dll (ID = 65904)
11:54 PM:   azaslef71h2.dll (ID = 159)
11:54 PM:   sqreamci.dll (ID = 159)
11:54 PM:   7165fd9b-4e9e-4db6-abcf-bc995a.asq (ID = 116897)
11:54 PM:   iqnathlp.dll (ID = 65904)
11:54 PM:   5c6c72ba-fac9-402c-bd63-fe6979.asq (ID = 116897)
11:55 PM:   en68l1ju1.dll (ID = 159)
11:55 PM:   swscrap.dll (ID = 65904)
11:55 PM:   t6r8lg9u16.dll (ID = 159)
11:55 PM:   28475f37-2db1-40a7-902a-f53c83.asq (ID = 53134)
11:55 PM:   vx6.game (ID = 80237)
11:55 PM:   qvxt2.game (ID = 80237)
11:55 PM:   o666lgjs16o6.dll (ID = 159)
11:55 PM:   9bcc5f81-34b4-4fe1-89bc-1e9502.asq (ID = 116897)
11:55 PM:   o684lglq16qe.dll (ID = 159)
11:55 PM:   o6ro0g93e6.dll (ID = 159)
11:55 PM:   o6rolg9316.dll (ID = 159)
11:56 PM:   camsnap.dll (ID = 65904)
11:56 PM:   Found Adware: nvdialer
11:56 PM:   games.exe (ID = 137596)
11:56 PM:   wmv1920.dbd (ID = 57692)
11:56 PM:   wmv2007.dbd (ID = 57693)
11:56 PM:   ihq.dll (ID = 159)
11:57 PM:   kwdhe.dll (ID = 159)
11:58 PM:   rxsmans.dll (ID = 159)
11:58 PM:   f7e52304-e85c-47b4-960a-5f3141.asq (ID = 53205)
11:58 PM:   kwv2.dat (ID = 63356)
11:59 PM:   irr0l59m1.dll (ID = 159)
11:59 PM:   mgdsrv32.dll (ID = 159)
11:59 PM:   46363592-a020-463e-b011-ccfcce.asq (ID = 116897)
11:59 PM:   feb60e17-234a-40ee-891d-fa220a.asq (ID = 116897)
11:59 PM:   aza4lglq16qe.dll (ID = 65730)
11:59 PM:   jcdw400.dll (ID = 159)
12:00 AM:   pgofmap.dll (ID = 65904)
12:00 AM:   nqdsbcli.dll (ID = 159)
12:00 AM:   gpsieer.dll (ID = 53179)
12:01 AM:   jtn4075qe.dll (ID = 159)
12:01 AM:   prchdprf.dll (ID = 159)
12:02 AM:   irv6mon.dll (ID = 159)
12:02 AM:   k4pm0e71eh.dll (ID = 159)
12:02 AM:   bxellist.dll (ID = 159)
12:03 AM:   uqpnpmgr.dll (ID = 159)
12:03 AM:   e8166481-cce9-4edb-8cbd-06c493.asq (ID = 116897)
12:03 AM:   n46qlej51ho.dll (ID = 159)
12:03 AM:   k2800clmefqa0.dll (ID = 159)
12:03 AM:   elcapi.dll (ID = 159)
12:03 AM:   Found Trojan Horse: 2nd-thought
12:03 AM:   dgi.exe (ID = 48210)
12:05 AM:   l8r00i9me8.dll (ID = 159)
12:05 AM:   muiole16.dll (ID = 65904)
12:05 AM:   3daa44b9-00a3-48a9-a544-b0751f.asq (ID = 116897)
12:08 AM:   jkt.dll (ID = 65904)
12:10 AM:   hdplugin1101.inf (ID = 61480)
12:11 AM:   jt4o07h3e.dll (ID = 159)
12:12 AM:   Found Trojan Horse: trojan-downloader-delf
12:12 AM:   moneyspm.exe (ID = 80426)
12:13 AM:   iosso.dll (ID = 65904)
12:13 AM:   uwdmxfrm.dll (ID = 159)
12:13 AM:   jtl2073oe.dll (ID = 159)
12:13 AM:   njprovau.dll (ID = 65904)
12:15 AM:   wmv0204.ddx (ID = 57686)
12:15 AM:   wmv0504.ddx (ID = 57686)
12:15 AM:   wmv0904.ddx (ID = 57691)
12:15 AM:   wmv0412.ddx (ID = 57686)
12:15 AM:   wmv0106.ddx (ID = 57679)
12:15 AM:   wmv0315.ddx (ID = 57686)
12:16 AM:   setup.inf (ID = 50863)
12:16 AM:   wmv1204.ddx (ID = 57686)
12:16 AM:   deskbar.ini (ID = 64321)
12:16 AM:   wmv1909.ddx (ID = 57691)
12:16 AM:   wmv1125.ddx (ID = 57685)
12:16 AM:   Found System Monitor: potentially rootkit-masked files
12:16 AM:   $sys$cor.sys (ID = 0)
12:16 AM:   $sys$drmserver.exe (ID = 0)
12:16 AM:   $sys$caj.dll (ID = 0)
12:16 AM:   $sys$upgtool.exe (ID = 0)
12:16 AM:   $sys$parking (ID = 0)
12:16 AM:   20050911164137.zip (ID = 57796)
12:17 AM: File Sweep Complete, Elapsed Time: 00:47:37
12:17 AM: Full Sweep has completed.  Elapsed time 01:04:52
12:17 AM: Traces Found: 35040
12:25 AM: Removal process initiated
12:26 AM:   Quarantining All Traces: 180search assistant/zango
12:26 AM:   Quarantining All Traces: 2nd-thought
12:26 AM:   Quarantining All Traces: clkoptimizer
12:27 AM:   clkoptimizer is in use.  It will be removed on reboot.
12:27 AM:     wuauclt.dll is in use.  It will be removed on reboot.
12:27 AM:     C:\WINDOWS\system32\wuauclt.dll is in use.  It will be removed on reboot.
12:27 AM:   Quarantining All Traces: directrevenue-abetterinternet
12:27 AM:   Quarantining All Traces: isearch desktop search
12:27 AM:   Quarantining All Traces: look2me
12:28 AM:   The Spy Communication shield has blocked access to: mm.delfinproject.com
12:28 AM:   The Spy Communication shield has blocked access to: mm.delfinproject.com
12:29 AM:   Quarantining All Traces: potentially rootkit-masked files
12:29 AM:   potentially rootkit-masked files is in use.  It will be removed on reboot.
12:29 AM:     $sys$drmserver.exe is in use.  It will be removed on reboot.
12:29 AM:   Quarantining All Traces: spysheriff
12:29 AM:   Quarantining All Traces: trojan-backdoor-securemulti
12:29 AM:   Quarantining All Traces: trojan-downloader-moneymind
12:29 AM:   Quarantining All Traces: websearch toolbar
12:29 AM:   Quarantining All Traces: wildmedia
12:29 AM:   Quarantining All Traces: delfin
12:29 AM:   delfin is in use.  It will be removed on reboot.
12:29 AM:     picsvr.exe is in use.  It will be removed on reboot.
12:29 AM:   Quarantining All Traces: letsroll911.org hijacker
12:29 AM:   Quarantining All Traces: rasmin
12:29 AM:   Quarantining All Traces: trojan-backdoor-core.psyche-evolution.com
12:29 AM:   Quarantining All Traces: trojan-backdoor-dimenoc
12:29 AM:   Quarantining All Traces: trojan-downloader-asdbiz.biz
12:29 AM:   Quarantining All Traces: trojan-downloader-delf
12:29 AM:   Quarantining All Traces: trojan-downloader-infectedhost
12:29 AM:   Quarantining All Traces: vesbiz downloader
12:29 AM:   Quarantining All Traces: winad
12:29 AM:   Quarantining All Traces: xcp rootkit
12:29 AM:   Quarantining All Traces: 7adpower
12:29 AM:   Quarantining All Traces: aksoft
12:34 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: stech.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:34 AM: The Spy Communication shield has blocked access to: dl.web-nexus.net
12:35 AM: Deletion from quarantine initiated
12:35 AM: Processing: 180search assistant/zango
12:35 AM: Processing: 2nd-thought
12:35 AM: Processing: 7adpower
12:35 AM: Processing: aksoft
12:35 AM: Processing: clkoptimizer
12:35 AM: Processing: delfin
12:35 AM: Processing: directrevenue-abetterinternet
12:35 AM: Processing: isearch desktop search
12:35 AM: Processing: letsroll911.org hijacker
12:35 AM: Processing: look2me
12:35 AM: Processing: potentially rootkit-masked files
12:35 AM: Processing: rasmin
12:35 AM: Processing: spysheriff
12:35 AM: Processing: trojan-backdoor-core.psyche-evolution.com
12:35 AM: Processing: trojan-downloader-asdbiz.biz
12:35 AM: Processing: trojan-downloader-delf
12:35 AM: Processing: trojan-downloader-infectedhost
12:35 AM: Processing: trojan-downloader-moneymind
12:35 AM: Processing: websearch toolbar
12:35 AM: Processing: wildmedia
12:35 AM: Processing: winad
12:35 AM: Processing: xcp rootkit
12:35 AM: Deletion from quarantine completed.  Elapsed time 00:00:01
********
11:10 PM: |       Start of Session, Thursday, December 15, 2005       |
11:10 PM: Spy Sweeper started
11:11 PM: Your spyware definitions have been updated.
11:12 PM: |       End of Session, Thursday, December 15, 2005       |
