Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Again CWS_xplugin

Started by dustin , Oct 17 2004 10:46 PM

  • Please log in to reply

#1
dustin
Posted 17 October 2004 - 10:46 PM

dustin

    Member

  • Member
  • PipPip
  • 11 posts
I have been having a problem with adware file CWS_xplugin . I used spysweeper and it tells me the file is located in HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings || proxyoverride . I used spysweeper and deleted it. Went into regedit and took the file out also. I reboot and the file keeps coming back. I have tried spysweeper, spybot, cwsshredder, and hijackthis, and still no luck. Anyone have any ideas to help me get rid of this file?



Logfile of HijackThis v1.98.2
Scan saved at 6.36.43, on 18/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\locator.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\Norton AntiVirus\navapw32.exe
C:\Programmi\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\StartupMonitor.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\GSICON.EXE
C:\Programmi\The Cleaner\tcm.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\SpywareGuard\sgmain.exe
C:\Programmi\SpywareGuard\sgbhp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\unieuro\Documenti\no list pro\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Programmi\Popup Manager\PopupMgr_1.0.2.1P.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Programmi\r2 studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\Norton AntiVirus\navapw32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Search Dictionary - file://\program files\powershell-xp2\search4.htm
O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp2\search3.htm
O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp2\search2.htm
O8 - Extra context menu item: Search the Web - file://\program files\powershell-xp2\search.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\SmartWhois\swmsiehlp.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.virgilio.it/alice01.home
O17 - HKLM\System\CCS\Services\Tcpip\..\{7071B090-EF25-4E4D-BE47-F48BFAF15006}: NameServer = 217.141.252.203 151.99.125.1


thanks in advance,by

dustin
  • 0

Advertisements

#2
coachwife6
Posted 18 October 2004 - 08:02 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi Dustin. Welcome to GTG. <_<

Sounds like you've been busy. Try one more program and then we'll look at your log again.

Download Ad-aware from: http://www.geekstogo...n=download&id=5

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
  • All of your hard drives
-> Click on the Advanced button on the left and select:
  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details
-> Click the Tweak button and select:
  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot
-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
  • Use Custom Scanning Options
-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer.

If you would please, rescan with HijackThis and post a fresh log in this same topic.
  • 0

#3
dustin
Posted 18 October 2004 - 07:09 PM

dustin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
hi coach,

Ad-aware can't solve this problem,it does not detect cws_xplugin like Spybots&d,CWshredder and others.Only SpySweeper detects it ,but remove this plugin temporary only.I think all the matter is more complex.It's possible that it creates a new protocol filter for txt\html or deleted some system files. I can't find any file or .dll of this plugin,it seems not existing but websurfing is very slowly(adsl!).I have to remove it (and registry item "proxyoverride") everytime I run IE and everytime I reboot.
Untill now,nobody could have fix this problem because nobody exactly knows what kind of action performed on system and where to find this plugin.Just incredible! I don't know what to do more.Now all I can do is hope for some miracle.Thanks however and by.

dustin
  • 0

#4
coachwife6
Posted 18 October 2004 - 07:35 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
After running Adaware, even if it does not clean anything, post your log and we'll look at it. We can solve your problem. Hang in there buddy. <_<
  • 0

#5
admin
Posted 18 October 2004 - 10:17 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
This looks to be a false positive by SpySweeper to me. CWS_xplugin is an old hijack that should be removed by the latest CWShredder. If you are infected by this Hijack, all your Google searches will be directed to CoolWebSearch pages. Are you experiencing this?
  • 0

#6
dustin
Posted 20 October 2004 - 03:12 PM

dustin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
hi,

I don't think of false positive,because when this spy is present surfing is very slowly and it tries to redirect probably to coolwebsearch pages.CWShredder doesn't detect cws_xplugin.I used it.It will be also an old spy but untill now nobody
can removed it definitively.However,there is the log:




Ad-Aware SE Build 1.05
Logfile Created on:mercoledì 20 ottobre 2004 18.48.23
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R13 16.10.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):13 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R13 16.10.2004
Internal build : 18
File location : C:\Programmi\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 363648 Bytes
Total size : 1150665 Bytes
Signature data size : 1124607 Bytes
Reference data size : 25546 Bytes
Signatures total : 31779
Fingerprints total : 291
Fingerprints size : 12292 Bytes
Target categories : 15
Target families : 589


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:57 %
Total physical memory:515568 kb
Available physical memory:290156 kb
Total page file size:1259152 kb
Available on page file:1095140 kb
Total virtual memory:2097024 kb
Available virtual memory:2050052 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Reanalyze results after scanning before displaying results lists
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include module list in log file
Set : Include alternate data stream details in log file
Set : Create and save WebUpdate log file


20-10-2004 18.48.23 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 440
ThreadCreationTime : 20-10-2004 16.20.51
BasePriority : Normal

Scanning Module:\SystemRoot\System32\smss.exe...
Scanning Module:C:\WINDOWS\System32\ntdll.dll...

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 20-10-2004 16.20.53
BasePriority : Normal

Scanning Module:\??\C:\WINDOWS\system32\csrss.exe...
Scanning Module:C:\WINDOWS\system32\CSRSRV.dll...
Scanning Module:C:\WINDOWS\system32\basesrv.dll...
Scanning Module:C:\WINDOWS\system32\winsrv.dll...
Scanning Module:C:\WINDOWS\system32\USER32.dll...
Scanning Module:C:\WINDOWS\system32\KERNEL32.dll...
Scanning Module:C:\WINDOWS\system32\GDI32.dll...
Scanning Module:C:\WINDOWS\system32\ADVAPI32.dll...
Scanning Module:C:\WINDOWS\system32\RPCRT4.dll...
Scanning Module:C:\WINDOWS\System32\sxs.dll...
Scanning Module:C:\Programmi\Webroot\Spy Sweeper\sis.dll...
Scanning Module:C:\WINDOWS\system32\oleaut32.dll...
Scanning Module:C:\WINDOWS\system32\MSVCRT.DLL...
Scanning Module:C:\WINDOWS\system32\OLE32.DLL...

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 512
ThreadCreationTime : 20-10-2004 16.20.53
BasePriority : High

Scanning Module:\??\C:\WINDOWS\system32\winlogon.exe...
Scanning Module:C:\WINDOWS\system32\AUTHZ.dll...
Scanning Module:C:\WINDOWS\system32\CRYPT32.dll...
Scanning Module:C:\WINDOWS\system32\MSASN1.dll...
Scanning Module:C:\WINDOWS\system32\NDdeApi.dll...
Scanning Module:C:\WINDOWS\system32\PROFMAP.dll...
Scanning Module:C:\WINDOWS\system32\NETAPI32.dll...
Scanning Module:C:\WINDOWS\system32\USERENV.dll...
Scanning Module:C:\WINDOWS\system32\PSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\REGAPI.dll...
Scanning Module:C:\WINDOWS\system32\Secur32.dll...
Scanning Module:C:\WINDOWS\system32\SETUPAPI.dll...
Scanning Module:C:\WINDOWS\system32\VERSION.dll...
Scanning Module:C:\WINDOWS\system32\WINSTA.dll...
Scanning Module:C:\WINDOWS\system32\WS2_32.dll...
Scanning Module:C:\WINDOWS\system32\WS2HELP.dll...
Scanning Module:C:\WINDOWS\System32\MSGINA.dll...
Scanning Module:C:\WINDOWS\system32\SHELL32.dll...
Scanning Module:C:\WINDOWS\system32\SHLWAPI.dll...
Scanning Module:C:\WINDOWS\system32\COMCTL32.dll...
Scanning Module:C:\WINDOWS\System32\ODBC32.dll...
Scanning Module:C:\WINDOWS\system32\comdlg32.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1579_x-ww_7bbf8d08\comctl32.dll...
Scanning Module:C:\WINDOWS\System32\odbcint.dll...
Scanning Module:C:\WINDOWS\System32\SHSVCS.dll...
Scanning Module:C:\WINDOWS\system32\sfc.dll...
Scanning Module:C:\WINDOWS\System32\sfc_os.dll...
Scanning Module:C:\WINDOWS\System32\WINTRUST.dll...
Scanning Module:C:\WINDOWS\system32\IMAGEHLP.dll...
Scanning Module:C:\WINDOWS\System32\WINSCARD.DLL...
Scanning Module:C:\WINDOWS\System32\WTSAPI32.dll...
Scanning Module:C:\WINDOWS\System32\uxtheme.dll...
Scanning Module:C:\WINDOWS\System32\WINMM.dll...
Scanning Module:C:\WINDOWS\System32\SYNCOR11.DLL...
Scanning Module:C:\WINDOWS\system32\cscdll.dll...
Scanning Module:C:\WINDOWS\system32\WlNotify.dll...
Scanning Module:C:\WINDOWS\System32\WINSPOOL.DRV...
Scanning Module:C:\WINDOWS\system32\MPR.dll...
Scanning Module:C:\WINDOWS\System32\rsaenh.dll...
Scanning Module:C:\WINDOWS\System32\SAMLIB.dll...
Scanning Module:C:\WINDOWS\System32\cscui.dll...
Scanning Module:C:\WINDOWS\system32\msv1_0.dll...
Scanning Module:C:\WINDOWS\System32\NTMARTA.DLL...
Scanning Module:C:\WINDOWS\system32\WLDAP32.dll...
Scanning Module:C:\WINDOWS\System32\COMRes.dll...
Scanning Module:C:\WINDOWS\System32\CLBCATQ.DLL...
Scanning Module:C:\WINDOWS\System32\wdmaud.drv...
Scanning Module:C:\WINDOWS\System32\msacm32.drv...
Scanning Module:C:\WINDOWS\System32\MSACM32.dll...
Scanning Module:C:\WINDOWS\System32\midimap.dll...
Scanning Module:C:\WINDOWS\System32\SSSensor.dll...

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 20-10-2004 16.20.54
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applicazione Servizi e Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : services.exe
Scanning Module:C:\WINDOWS\system32\services.exe...
Scanning Module:C:\WINDOWS\system32\SCESRV.dll...
Scanning Module:C:\WINDOWS\system32\umpnpmgr.dll...
Scanning Module:C:\WINDOWS\system32\NCObjAPI.DLL...
Scanning Module:C:\WINDOWS\system32\eventlog.dll...
Scanning Module:C:\WINDOWS\system32\Apphelp.dll...

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 568
ThreadCreationTime : 20-10-2004 16.20.54
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
Scanning Module:C:\WINDOWS\system32\lsass.exe...
Scanning Module:C:\WINDOWS\system32\LSASRV.dll...
Scanning Module:C:\WINDOWS\system32\SAMSRV.dll...
Scanning Module:C:\WINDOWS\system32\cryptdll.dll...
Scanning Module:C:\WINDOWS\system32\DNSAPI.dll...
Scanning Module:C:\WINDOWS\system32\NTDSAPI.dll...
Scanning Module:C:\WINDOWS\system32\msprivs.dll...
Scanning Module:C:\WINDOWS\system32\kerberos.dll...
Scanning Module:C:\WINDOWS\system32\netlogon.dll...
Scanning Module:C:\WINDOWS\system32\w32time.dll...
Scanning Module:C:\WINDOWS\system32\MSVCP60.dll...
Scanning Module:C:\WINDOWS\system32\iphlpapi.dll...
Scanning Module:C:\WINDOWS\system32\schannel.dll...
Scanning Module:C:\WINDOWS\system32\wdigest.dll...
Scanning Module:C:\WINDOWS\system32\scecli.dll...
Scanning Module:C:\WINDOWS\system32\pstorsvc.dll...
Scanning Module:C:\WINDOWS\system32\psbase.dll...

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 20-10-2004 16.20.54
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\system32\svchost.exe...
Scanning Module:c:\windows\system32\rpcss.dll...
Scanning Module:C:\WINDOWS\system32\mswsock.dll...
Scanning Module:C:\WINDOWS\System32\wshtcpip.dll...
Scanning Module:C:\WINDOWS\System32\winrnr.dll...
Scanning Module:C:\WINDOWS\system32\rasadhlp.dll...

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 744
ThreadCreationTime : 20-10-2004 16.20.55
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dhcpcsvc.dll...
Scanning Module:c:\windows\system32\schedsvc.dll...
Scanning Module:C:\WINDOWS\System32\MSIDLE.DLL...
Scanning Module:c:\windows\system32\audiosrv.dll...
Scanning Module:c:\windows\system32\wkssvc.dll...
Scanning Module:c:\windows\system32\cryptsvc.dll...
Scanning Module:c:\windows\system32\certcli.dll...
Scanning Module:c:\windows\system32\ATL.DLL...
Scanning Module:c:\windows\system32\CRYPTUI.dll...
Scanning Module:C:\WINDOWS\system32\WININET.dll...
Scanning Module:c:\windows\system32\ESENT.dll...
Scanning Module:c:\windows\pchealth\helpctr\binaries\pchsvc.dll...
Scanning Module:c:\windows\system32\es.dll...
Scanning Module:c:\windows\system32\sens.dll...
Scanning Module:c:\windows\system32\srsvc.dll...
Scanning Module:c:\windows\system32\POWRPROF.dll...
Scanning Module:c:\windows\system32\wuauserv.dll...
Scanning Module:c:\windows\system32\wbem\wmisvc.dll...
Scanning Module:c:\windows\system32\wbem\wbemcomn.dll...
Scanning Module:C:\WINDOWS\System32\VSSAPI.DLL...
Scanning Module:C:\WINDOWS\System32\wuaueng.dll...
Scanning Module:C:\WINDOWS\System32\ADVPACK.dll...
Scanning Module:C:\WINDOWS\System32\SHFOLDER.dll...
Scanning Module:C:\WINDOWS\System32\WINHTTP.dll...
Scanning Module:C:\WINDOWS\System32\Cabinet.dll...
Scanning Module:C:\WINDOWS\System32\mspatcha.dll...
Scanning Module:C:\WINDOWS\system32\comsvcs.dll...
Scanning Module:C:\WINDOWS\system32\MTXCLU.DLL...
Scanning Module:C:\WINDOWS\system32\WSOCK32.dll...
Scanning Module:C:\WINDOWS\system32\colbact.DLL...
Scanning Module:C:\WINDOWS\System32\CLUSAPI.DLL...
Scanning Module:C:\WINDOWS\System32\RESUTILS.DLL...
Scanning Module:C:\WINDOWS\System32\mtxoci.dll...
Scanning Module:c:\windows\system32\tapisrv.dll...
Scanning Module:c:\windows\system32\ACTIVEDS.dll...
Scanning Module:c:\windows\system32\adsldpc.dll...
Scanning Module:c:\windows\system32\rtutils.dll...
Scanning Module:c:\windows\system32\rasmans.dll...
Scanning Module:c:\windows\system32\WINIPSEC.DLL...
Scanning Module:c:\windows\system32\netcfgx.dll...
Scanning Module:C:\WINDOWS\System32\rastapi.dll...
Scanning Module:C:\WINDOWS\System32\TAPI32.dll...
Scanning Module:C:\WINDOWS\System32\unimdm.tsp...
Scanning Module:C:\WINDOWS\System32\uniplat.dll...
Scanning Module:C:\WINDOWS\System32\unimdmat.dll...
Scanning Module:C:\WINDOWS\System32\modemui.dll...
Scanning Module:C:\WINDOWS\System32\kmddsp.tsp...
Scanning Module:C:\WINDOWS\System32\ndptsp.tsp...
Scanning Module:C:\WINDOWS\System32\ipconf.tsp...
Scanning Module:C:\WINDOWS\System32\h323.tsp...
Scanning Module:C:\WINDOWS\System32\hidphone.tsp...
Scanning Module:C:\WINDOWS\System32\HID.DLL...
Scanning Module:C:\WINDOWS\System32\rasppp.dll...
Scanning Module:C:\WINDOWS\System32\MPRAPI.dll...
Scanning Module:C:\WINDOWS\System32\ntlsapi.dll...
Scanning Module:C:\WINDOWS\System32\RASAPI32.dll...
Scanning Module:C:\WINDOWS\System32\rasman.dll...
Scanning Module:C:\WINDOWS\System32\raschap.dll...
Scanning Module:C:\WINDOWS\System32\rastls.dll...
Scanning Module:c:\windows\system32\netman.dll...
Scanning Module:c:\windows\system32\WZCSvc.DLL...
Scanning Module:c:\windows\system32\WMI.dll...
Scanning Module:C:\WINDOWS\system32\NETSHELL.dll...
Scanning Module:C:\WINDOWS\system32\credui.dll...
Scanning Module:C:\WINDOWS\System32\hnetcfg.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\wbemcore.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\esscli.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\FastProx.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wmiutils.dll...
Scanning Module:C:\WINDOWS\System32\wbem\repdrvfs.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wmiprvsd.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemess.dll...
Scanning Module:C:\WINDOWS\System32\msi.dll...
Scanning Module:C:\WINDOWS\System32\RASDLG.dll...
Scanning Module:C:\WINDOWS\System32\wbem\ncprov.dll...

#:8 [smc.exe]
FilePath : C:\Programmi\Sygate\SPF\
ProcessID : 788
ThreadCreationTime : 20-10-2004 16.20.55
BasePriority : Normal
FileVersion : 5.5.00.2525
ProductVersion : 5.5.00.2525
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2003 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE
Scanning Module:C:\Programmi\Sygate\SPF\smc.exe...
Scanning Module:C:\Programmi\Sygate\SPF\Trident.dll...
Scanning Module:C:\Programmi\Sygate\SPF\tfman.dll...
Scanning Module:C:\Programmi\Sygate\SPF\tse.dll...
Scanning Module:C:\Programmi\Sygate\SPF\DataMan.dll...
Scanning Module:C:\Programmi\Sygate\SPF\PSSensor.dll...
Scanning Module:C:\Programmi\Sygate\SPF\SpNet.dll...
Scanning Module:C:\Programmi\Sygate\SPF\IdsTrafficPipe.dll...
Scanning Module:C:\Programmi\Sygate\SPF\wpsman.dll...
Scanning Module:C:\Programmi\Sygate\SPF\wsman.dll...
Scanning Module:C:\WINDOWS\System32\snmpapi.dll...
Scanning Module:C:\Programmi\Sygate\SPF\SyLog.dll...
Scanning Module:C:\Programmi\Sygate\SPF\Netport.dll...
Scanning Module:C:\Programmi\Sygate\SPF\wgman.dll...
Scanning Module:C:\Programmi\Sygate\SPF\SyLink.dll...
Scanning Module:C:\WINDOWS\System32\oledlg.dll...
Scanning Module:C:\WINDOWS\System32\OLEPRO32.DLL...
Scanning Module:C:\WINDOWS\System32\VDMDBG.DLL...
Scanning Module:C:\WINDOWS\System32\RICHED32.DLL...
Scanning Module:C:\WINDOWS\System32\RICHED20.dll...

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 952
ThreadCreationTime : 20-10-2004 16.20.57
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dnsrslvr.dll...

#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1016
ThreadCreationTime : 20-10-2004 16.20.57
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
Scanning Module:C:\WINDOWS\system32\LEXBCES.EXE...
Scanning Module:C:\WINDOWS\system32\lexp2p32.dll...
Scanning Module:C:\WINDOWS\system32\lex2kusb.dll...

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1052
ThreadCreationTime : 20-10-2004 16.20.57
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Scanning Module:C:\WINDOWS\system32\spoolsv.exe...
Scanning Module:C:\WINDOWS\system32\SPOOLSS.DLL...
Scanning Module:C:\WINDOWS\system32\localspl.dll...
Scanning Module:C:\WINDOWS\system32\cnbjmon.dll...
Scanning Module:C:\WINDOWS\system32\CNMLM47.DLL...
Scanning Module:C:\WINDOWS\system32\LEXLMPM.DLL...
Scanning Module:C:\WINDOWS\system32\LexBce.dll...
Scanning Module:C:\WINDOWS\system32\pjlmon.dll...
Scanning Module:C:\WINDOWS\system32\tcpmon.dll...
Scanning Module:C:\WINDOWS\system32\usbmon.dll...
Scanning Module:C:\WINDOWS\system32\virport.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD47.DLL...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxbhPP5C.dll...
Scanning Module:C:\WINDOWS\system32\win32spl.dll...
Scanning Module:C:\WINDOWS\system32\NETRAP.dll...
Scanning Module:C:\WINDOWS\system32\inetpp.dll...
Scanning Module:C:\WINDOWS\system32\icmp.dll...
Scanning Module:C:\WINDOWS\system32\LXBHpwr.dll...

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1144
ThreadCreationTime : 20-10-2004 16.20.58
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Esplora risorse
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\WINDOWS\Explorer.EXE...
Scanning Module:C:\WINDOWS\System32\BROWSEUI.dll...
Scanning Module:C:\WINDOWS\System32\SHDOCVW.dll...
Scanning Module:C:\WINDOWS\System32\themeui.dll...
Scanning Module:C:\WINDOWS\System32\MSIMG32.dll...
Scanning Module:C:\WINDOWS\System32\ntshrui.dll...
Scanning Module:C:\WINDOWS\System32\LINKINFO.dll...
Scanning Module:C:\WINDOWS\System32\webcheck.dll...
Scanning Module:C:\WINDOWS\System32\stobject.dll...
Scanning Module:C:\WINDOWS\System32\BatMeter.dll...
Scanning Module:C:\WINDOWS\system32\urlmon.dll...
Scanning Module:C:\WINDOWS\System32\printui.dll...
Scanning Module:C:\WINDOWS\System32\CFGMGR32.dll...
Scanning Module:C:\WINDOWS\System32\ntlanman.dll...
Scanning Module:C:\WINDOWS\System32\NETUI0.dll...
Scanning Module:C:\WINDOWS\System32\NETUI1.dll...
Scanning Module:C:\WINDOWS\System32\drprov.dll...
Scanning Module:C:\WINDOWS\System32\davclnt.dll...
Scanning Module:C:\WINDOWS\System32\browselc.dll...
Scanning Module:C:\Programmi\Popup Manager\PopupMgr_1.0.2.1P.dll...
Scanning Module:C:\WINDOWS\Release_Ansi\MP3ext.dll...
Scanning Module:C:\WINDOWS\System32\MSVCR70.dll...
Scanning Module:C:\WINDOWS\System32\MSVCP70.dll...
Scanning Module:C:\WINDOWS\System32\shdoclc.dll...
Scanning Module:C:\WINDOWS\System32\mydocs.dll...
Scanning Module:C:\WINDOWS\System32\shmedia.dll...
Scanning Module:C:\WINDOWS\System32\MSVFW32.dll...
Scanning Module:C:\WINDOWS\System32\AVIFIL32.dll...

#:13 [navapsvc.exe]
FilePath : C:\Programmi\Norton AntiVirus\
ProcessID : 1184
ThreadCreationTime : 20-10-2004 16.20.58
BasePriority : Normal
FileVersion : 8.00.58
ProductVersion : 8.00.58
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2001 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
Scanning Module:C:\Programmi\Norton AntiVirus\navapsvc.exe...

#:14 [locator.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1208
ThreadCreationTime : 20-10-2004 16.20.58
BasePriority : Normal
FileVersion : 5.1.2600.1147 (xpsp2.021108-1929)
ProductVersion : 5.1.2600.1147
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Rpc Locator
InternalName : locator.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : locator.exe
Scanning Module:C:\WINDOWS\System32\locator.exe...

#:15 [smagent.exe]
FilePath : C:\Programmi\Analog Devices\SoundMAX\
ProcessID : 1276
ThreadCreationTime : 20-10-2004 16.20.59
BasePriority : Normal
FileVersion : 3, 2, 4, 0
ProductVersion : 3, 2, 4, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe
Scanning Module:C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe...

#:16 [navapw32.exe]
FilePath : C:\PROGRA~1\Norton AntiVirus\
ProcessID : 1776
ThreadCreationTime : 20-10-2004 16.21.21
BasePriority : Normal
FileVersion : 8.00.58
ProductVersion : 8.00.58
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2001 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE
Scanning Module:C:\PROGRA~1\Norton AntiVirus\navapw32.exe...
Scanning Module:C:\PROGRA~1\Norton AntiVirus\apwutil.dll...
Scanning Module:C:\PROGRA~1\Norton AntiVirus\apwcmdnt.dll...
Scanning Module:C:\PROGRA~1\Norton AntiVirus\DefAlert.dll...
Scanning Module:C:\PROGRA~1\Norton AntiVirus\NAVProxy.dll...
Scanning Module:C:\WINDOWS\System32\SYMREDIR.dll...

#:17 [teatimer.exe]
FilePath : C:\Programmi\Spybot - Search & Destroy\
ProcessID : 1832
ThreadCreationTime : 20-10-2004 16.21.27
BasePriority : Idle
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.
Scanning Module:C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe...
Scanning Module:C:\WINDOWS\System32\hhctrl.ocx...
Scanning Module:C:\WINDOWS\System32\mui\0010\hhctrlui.dll...

#:18 [winpatrol.exe]
FilePath : C:\Programmi\BillP Studios\WinPatrol\
ProcessID : 1912
ThreadCreationTime : 20-10-2004 16.21.29
BasePriority : Normal
FileVersion : 8, 0, 0, 8
ProductVersion : 8.0.0.8
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2004 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.
Scanning Module:C:\Programmi\BillP Studios\WinPatrol\WinPatrol.exe...
Scanning Module:C:\WINDOWS\System32\mstask.dll...
Scanning Module:C:\WINDOWS\System32\xpsp2res.dll...

#:19 [startupmonitor.exe]
FilePath : C:\WINDOWS\
ProcessID : 1992
ThreadCreationTime : 20-10-2004 16.21.31
BasePriority : Normal

Scanning Module:C:\WINDOWS\StartupMonitor.exe...

#:20 [spysweeper.exe]
FilePath : C:\Programmi\Webroot\Spy Sweeper\
ProcessID : 2020
ThreadCreationTime : 20-10-2004 16.21.32
BasePriority : Normal
FileVersion : 3.0.0.129
ProductVersion : 3.0i
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
Scanning Module:C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe...
Scanning Module:C:\Programmi\Webroot\Spy Sweeper\Language.dll...

#:21 [gsicon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 232
ThreadCreationTime : 20-10-2004 16.21.35
BasePriority : Normal
FileVersion : 3.1.0
ProductVersion : 3.1.0
ProductName : DSL Modem
CompanyName : GlobeSpan, Inc.
FileDescription : DSL Modem Monitor
InternalName : GSICON.EXE
LegalCopyright : Copyright © 2001 GlobeSpan, Inc.
OriginalFilename : GSICON.EXE
Scanning Module:C:\WINDOWS\System32\GSICON.EXE...

#:22 [tcm.exe]
FilePath : C:\Programmi\The Cleaner\
ProcessID : 288
ThreadCreationTime : 20-10-2004 16.21.40
BasePriority : Normal
FileVersion : 2.1.0.2043
ProductVersion : 2.1.0.0
ProductName : TC Monitor
CompanyName : MooSoft Development
FileDescription : The Cleaner Registry and File Monitor
InternalName : TCMonitor
LegalCopyright : 2000-2004 MooSoft Development
OriginalFilename : tcm.exe
Comments : http://www.moosoft.com
Scanning Module:C:\Programmi\The Cleaner\tcm.exe...
Scanning Module:C:\WINDOWS\System32\appwiz.cpl...
Scanning Module:C:\WINDOWS\System32\DUSER.dll...
Scanning Module:C:\WINDOWS\System32\OLEACC.dll...

#:23 [ad-aware.exe]
FilePath : C:\Programmi\Lavasoft\Ad-Aware SE Personal\
ProcessID : 964
ThreadCreationTime : 20-10-2004 16.48.00
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Scanning Module:C:\Programmi\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe...

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : S-1-5-21-2424629274-914090876-3233042676-1006\software\microsoft\windows\currentversion\applets\regedit\favorites
Description : registry editor favorites


MRU List Object Recognized!
Location: : S-1-5-21-2424629274-914090876-3233042676-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-2424629274-914090876-3233042676-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-2424629274-914090876-3233042676-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-2424629274-914090876-3233042676-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-2424629274-914090876-3233042676-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2424629274-914090876-3233042676-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-2424629274-914090876-3233042676-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-2424629274-914090876-3233042676-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2424629274-914090876-3233042676-1006\software\microsoft\ntbackup\log files
Description : list of recent logfiles in microsoft backup


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\BEATLES\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\CARMELO BENE\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\CHARLIE PARKER\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\CLASSIQUE\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\ELLA FITGERALD\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\ELVIS PRESLEY\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\FRANCE\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\FRANK SINATRA-DEAN MARTIN\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\GROUP\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\ITALY\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\JAZZ GUITAR\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\JAZZ ONE\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\JAZZ TWO\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\LATIN\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\LOUIS ARMSTRONG\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\OTHER MUSIK\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\POP-ROCK ONE\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\POP-ROCK TWO\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\RECYCLER\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\SINGERS\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\STONES\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\System Volume Information\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\VIDEOS\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Disk Scan Result for F:\ZZ-VARI\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
4752 entries scanned.
New critical objects:0
Objects found so far: 13




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

19.03.36 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.15.13.234
Objects scanned:145233
Objects identified:0
Objects ignored:0
New critical objects:0
  • 0

#7
lotuseclat79
Posted 21 October 2004 - 01:58 PM

lotuseclat79

    New Member

  • Member
  • Pip
  • 2 posts
Hi Dustin,

Check out post #5 in this forum for web page URL: http://www.geekstogo...topic-4361.html

The solution seems to be to upgrade to the latest SpySweeper to solve this problem with CWS_xplugin.

I am having the same problem with CWS_xplugin and found the above URL and the URL to this web page by searching the Web with Momma Metasearch, the mother of all search engines at http://www.mamma.com for both CWS_xplugin and CWS.xplugin.

I use a variant of SpySweeper from Earthlink (a Webroot partner) named SpywareBlocker which is v2.2 whereas the person running v3.0 needed to upgrade to v3.2 to get the solution.

I hope the solution works for us.

Ciao,

-- Tom
  • 0

#8
dustin
Posted 22 October 2004 - 01:52 PM

dustin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hi Dustin,

Check out post #5 in this forum for web page URL: http://www.geekstogo...topic-4361.html

The solution seems to be to upgrade to the latest SpySweeper to solve this problem with CWS_xplugin.

I am having the same problem with CWS_xplugin and found the above URL and the URL to this web page by searching the Web with Momma Metasearch, the mother of all search engines at http://www.mamma.com for both CWS_xplugin and CWS.xplugin.

I use a variant of SpySweeper from Earthlink (a Webroot partner) named SpywareBlocker which is v2.2 whereas the person running v3.0 needed to upgrade to v3.2 to get the solution.

I hope the solution works for us.

Ciao,

-- Tom

View Post



Hi tom,

I updated to version 3.2 and problem seems to be solved.Seems,because this version don't detects anymore cws_xplugin and I don't knoow if it has been deleted or there is again.However is the matter,websurfing now is good and there are not redirections.Thanks for your help.
Now,I run spyaudit online(Spyblocker site) and find this Hitbox cookie

Spy #f4f85 -- Research In Progress


Adaware,SpyBot and SpyWeeper don't detect it .I don't know how to delete.
Have you another tip for this?

dustin
  • 0

#9
lotuseclat79
Posted 22 October 2004 - 02:57 PM

lotuseclat79

    New Member

  • Member
  • Pip
  • 2 posts

Hi Dustin,

Check out post #5 in this forum for web page URL: http://www.geekstogo...topic-4361.html

The solution seems to be to upgrade to the latest SpySweeper to solve this problem with CWS_xplugin.

I am having the same problem with CWS_xplugin and found the above URL and the URL to this web page by searching the Web with Momma Metasearch, the mother of all search engines at http://www.mamma.com for both CWS_xplugin and CWS.xplugin.

I use a variant of SpySweeper from Earthlink (a Webroot partner) named SpywareBlocker which is v2.2 whereas the person running v3.0 needed to upgrade to v3.2 to get the solution.

I hope the solution works for us.

Ciao,

-- Tom

View Post



Hi tom,

I updated to version 3.2 and problem seems to be solved.Seems,because this version don't detects anymore cws_xplugin and I don't knoow if it has been deleted or there is again.However is the matter,websurfing now is good and there are not redirections.Thanks for your help.
Now,I run spyaudit online(Spyblocker site) and find this Hitbox cookie

Spy #f4f85 -- Research In Progress


Adaware,SpyBot and SpyWeeper don't detect it .I don't know how to delete.
Have you another tip for this?

dustin

View Post


Dustin,

I am an EarthLink subscriber with SpywareBlocker v2.2.0, build 44, spyware definitions 403. I got the trial v3.2 of SpySweeper from Webroot's download site.
I run Win98SE.
Here's the results:
1) SpywareBlocker detects CWS_xplugin and allows temporary disabling of CWS_xplugin (my current problem as it is very persistent at coming back)
2) You have to turn off SpywareBlocker (use task panel to kill the process)
3) I had to uninstall SpySweeper, kill SpywareBlocker, then reinstall SpySweeper then update to definitions 404 prior to running a full system sweep (scan)
4) SpySweeper v3.2, definitions 404 does not detect CWS_xplugin.
5) If you bought v3.2 from Webroot, and your scan detected and quarantined CWS_xplugin, then you are probably ok with SpySweeper's shields and defs 405.
6) Since I have the trial v3.2 of SpySweeper, Webroot is mailing me SpySweeper w/defs 405 - I can only hope that EarthLink's mail software can handle it.

I verified that CWS_xplugin was still there after my first scan with the trial v3.2 of SpySweeper by reloading/reinstalling SpywareBlocker with defs 403 - it detected CWS_xplugin.

If you bought the product v3.2 of SpySweeper, can you tell me the files it detected?

Thanks,

-- Tom

P.S. If you only have the trial v3.2 of SpySweeper (like myself), you may not be able to detect that CWS_xplugin is there.

My only hope may be to buy SpySweeper - it appears that Marketing and Sales at Webroot have the upper hand on what they allow on their servers for trial software.

I have no information on Spy #f4f85
  • 0

#10
dustin
Posted 23 October 2004 - 06:28 PM

dustin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hi Dustin,

Check out post #5 in this forum for web page URL: http://www.geekstogo...topic-4361.html

The solution seems to be to upgrade to the latest SpySweeper to solve this problem with CWS_xplugin.

I am having the same problem with CWS_xplugin and found the above URL and the URL to this web page by searching the Web with Momma Metasearch, the mother of all search engines at http://www.mamma.com for both CWS_xplugin and CWS.xplugin.

I use a variant of SpySweeper from Earthlink (a Webroot partner) named SpywareBlocker which is v2.2 whereas the person running v3.0 needed to upgrade to v3.2 to get the solution.

I hope the solution works for us.

Ciao,

-- Tom

View Post



Hi tom,

I updated to version 3.2 and problem seems to be solved.Seems,because this version don't detects anymore cws_xplugin and I don't knoow if it has been deleted or there is again.However is the matter,websurfing now is good and there are not redirections.Thanks for your help.
Now,I run spyaudit online(Spyblocker site) and find this Hitbox cookie

Spy #f4f85 -- Research In Progress


Adaware,SpyBot and SpyWeeper don't detect it .I don't know how to delete.
Have you another tip for this?

dustin

View Post


Dustin,

I am an EarthLink subscriber with SpywareBlocker v2.2.0, build 44, spyware definitions 403. I got the trial v3.2 of SpySweeper from Webroot's download site.
I run Win98SE.
Here's the results:
1) SpywareBlocker detects CWS_xplugin and allows temporary disabling of CWS_xplugin (my current problem as it is very persistent at coming back)
2) You have to turn off SpywareBlocker (use task panel to kill the process)
3) I had to uninstall SpySweeper, kill SpywareBlocker, then reinstall SpySweeper then update to definitions 404 prior to running a full system sweep (scan)
4) SpySweeper v3.2, definitions 404 does not detect CWS_xplugin.
5) If you bought v3.2 from Webroot, and your scan detected and quarantined CWS_xplugin, then you are probably ok with SpySweeper's shields and defs 405.
6) Since I have the trial v3.2 of SpySweeper, Webroot is mailing me SpySweeper w/defs 405 - I can only hope that EarthLink's mail software can handle it.

I verified that CWS_xplugin was still there after my first scan with the trial v3.2 of SpySweeper by reloading/reinstalling SpywareBlocker with defs 403 - it detected CWS_xplugin.

If you bought the product v3.2 of SpySweeper, can you tell me the files it detected?

Thanks,

-- Tom

P.S. If you only have the trial v3.2 of SpySweeper (like myself), you may not be able to detect that CWS_xplugin is there.

My only hope may be to buy SpySweeper - it appears that Marketing and Sales at Webroot have the upper hand on what they allow on their servers for trial software.

I have no information on Spy #f4f85

View Post



hi tom.

I had SpySweeper 3.0, I don't remember if 403 or other,and it detected ,quarantined and deleted cws_xplugin but not definitively.Everytime I reboot was still there.Websurfing was very slowly and it tries to redirect....
So I uninstalled 3.0 and now I have
installed v.3.2,build 416,def.405.I have scanned and I haven't found anything.I don't know if the plugin is still there,but surfing is very good and without
problems,then I presume to have definitively deleted cws_xplugin,I hope...
Sincerly, I don't understand how that happened,given that 3.2\405 doesn't detect it.I run xp home(Is it possible to have only Spyblocker and not the entire suite?)

PS-delete all temp files(in all folders) and index .dat files.See also how is host file.

dustin
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP