
CWS_NS3



#46
bondzai
  • Topic Starter
  • Member
  • 40 posts
Spy Sweeper is reporting nothing. I haven't started Internet Explorer yet and am using a different browser.

So far it looks good. There was that one thing in Ad-Aware, the About Blank.

I can redo Ad-Aware and see if it is clean and launch my browser after that.
  • 0


#47
bondzai
  • Topic Starter
  • Member
  • 40 posts
That thing I set to disable is still disabled I suppose.
  • 0

#48
admin
  • Founder Geek
  • Community Leader
  • 24,639 posts
I don't see any services to be concerned about. Let's see a new Hijack This log. <_<
  • 0

#49
bondzai
  • Topic Starter
  • Member
  • 40 posts
I am getting one registry file deal on Ad-Aware... OK, I will do the HijackThis file. According to Webroot, I am clean... man, they would pay you a gazillion dollars to work there... they have engineers around the clock working on this.
  • 0

#50
bondzai
  • Topic Starter
  • Member
  • 40 posts
Logfile of HijackThis v1.98.2
Scan saved at 3:40:48 PM, on 8/27/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\MK Net Work\ZipMail LN\zmailLN.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\pxc03\My Documents\falundafa\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ZipMail LN System Tray add-on] "C:\Program Files\MK Net Work\ZipMail LN\zmailLN.exe" 001
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...38/QDow_AS2.cab
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.sitetracking.info/cttdl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform...ins/OFMailX.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = win.us.power.alstom.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = win.us.power.alstom.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = win.us.power.alstom.com,us.power.alstom.com,power.alstom.com,alstom.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = win.us.power.alstom.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = win.us.power.alstom.com,us.power.alstom.com,power.alstom.com,alstom.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = win.us.power.alstom.com,us.power.alstom.com,power.alstom.com,alstom.com
  • 0

#51
bondzai
  • Topic Starter
  • Member
  • 40 posts
Webroot wants to reset my explorer but it seems to be working so I don't know if that is smart.

I am afraid to reboot.

The Lavasoft report that follows is also clean... man, this is awesome!

Lavasoft Ad-Aware Personal Build 1.03
Logfile created on:Friday, August 27, 2004 3:40:17 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R5 22.08.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):33 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


8-27-2004 3:40:17 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 196
ThreadCreationTime : 8-27-2004 7:04:33 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 220
ThreadCreationTime : 8-27-2004 7:04:39 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 240
ThreadCreationTime : 8-27-2004 7:04:42 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 268
ThreadCreationTime : 8-27-2004 7:04:44 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 280
ThreadCreationTime : 8-27-2004 7:04:44 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [scardsvr.exe]
FilePath : C:\WINNT\System32\
ProcessID : 408
ThreadCreationTime : 8-27-2004 7:04:47 PM
BasePriority : Normal
FileVersion : 5.00.2195.6609
ProductVersion : 5.00.2195.6609
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : SCardSvr.exe

#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 488
ThreadCreationTime : 8-27-2004 7:04:54 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 520
ThreadCreationTime : 8-27-2004 7:04:54 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:9 [ati2evxx.exe]
FilePath : C:\WINNT\system32\
ProcessID : 552
ThreadCreationTime : 8-27-2004 7:04:54 PM
BasePriority : Normal


#:10 [dkservice.exe]
FilePath : C:\Program Files\Executive Software\DiskeeperWorkstation\
ProcessID : 568
ThreadCreationTime : 8-27-2004 7:04:54 PM
BasePriority : Normal
FileVersion : 6.0.377.0
ProductVersion : 6.0.377.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2000 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:11 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 592
ThreadCreationTime : 8-27-2004 7:04:55 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:12 [hidserv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 616
ThreadCreationTime : 8-27-2004 7:04:55 PM
BasePriority : Normal
FileVersion : 5.00.2195.6655
ProductVersion : 5.00.2195.6655
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : HID Audio Service
InternalName : hidserv
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : HIDSERV.EXE

#:13 [frameworkservice.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 636
ThreadCreationTime : 8-27-2004 7:04:56 PM
BasePriority : Normal
FileVersion : 3.0.0.595
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2002 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:14 [mcshield.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 720
ThreadCreationTime : 8-27-2004 7:04:57 PM
BasePriority : High


#:15 [vstskmgr.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 736
ThreadCreationTime : 8-27-2004 7:04:58 PM
BasePriority : Normal


#:16 [naprdmgr.exe]
FilePath : C:\PROGRA~1\NETWOR~1\COMMON~1\
ProcessID : 796
ThreadCreationTime : 8-27-2004 7:05:00 PM
BasePriority : Normal
FileVersion : 3.0.0.595
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2002 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe

#:17 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 860
ThreadCreationTime : 8-27-2004 7:05:05 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:18 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 944
ThreadCreationTime : 8-27-2004 7:05:07 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:19 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 972
ThreadCreationTime : 8-27-2004 7:05:07 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:20 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 1036
ThreadCreationTime : 8-27-2004 7:05:08 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:21 [wltrysvc.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1044
ThreadCreationTime : 8-27-2004 7:05:08 PM
BasePriority : Normal


#:22 [mspmspsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1056
ThreadCreationTime : 8-27-2004 7:05:08 PM
BasePriority : Normal
FileVersion : 7.10.00.3059
ProductVersion : 7.10.00.3059
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:23 [bcmwltry.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1064
ThreadCreationTime : 8-27-2004 7:05:08 PM
BasePriority : Normal
FileVersion : 3.20.23.0
ProductVersion : 3.20.23.0
ProductName : Wireless Network Tray Applet
CompanyName : Broadcom Corporation
FileDescription : Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2002, Broadcom Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:24 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1076
ThreadCreationTime : 8-27-2004 7:05:08 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:25 [wzcbdls.exe]
FilePath : C:\Program Files\WZCBDL Service\
ProcessID : 1088
ThreadCreationTime : 8-27-2004 7:05:08 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 20319
ProductVersion : 1, 0, 0, 20319
ProductName : WZCBDLService Launcher (NT)
CompanyName : D-Link
FileDescription : WZCBDLService Launcher
InternalName : WZCBDLS
LegalCopyright : Copyright © 2002, D-Link Corporation
OriginalFilename : WZCBDLS.exe

#:26 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1360
ThreadCreationTime : 8-27-2004 7:05:30 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:27 [carpserv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1476
ThreadCreationTime : 8-27-2004 7:05:37 PM
BasePriority : Normal
FileVersion : 6.00.09.00
ProductVersion : 6.00.09.00
ProductName : Conexant carpserv
CompanyName : Conexant Systems, Inc.
FileDescription : carpserv
InternalName : carpserv
LegalCopyright : Copyright© Conexant Systems, Inc. 2003
OriginalFilename : carpserv.exe

#:28 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 1484
ThreadCreationTime : 8-27-2004 7:05:37 PM
BasePriority : Normal
FileVersion : 5.4.101.113
ProductVersion : 5.4.101.113
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:29 [zmailln.exe]
FilePath : C:\Program Files\MK Net Work\ZipMail LN\
ProcessID : 1512
ThreadCreationTime : 8-27-2004 7:05:38 PM
BasePriority : Normal


#:30 [createcd50.exe]
FilePath : C:\Program Files\Common Files\Adaptec Shared\CreateCD\
ProcessID : 1528
ThreadCreationTime : 8-27-2004 7:05:40 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : Easy CD Creator
CompanyName : Roxio
FileDescription : Roxio Create CD
InternalName : createcd.exe
LegalCopyright : Copyright © 1999-2002 Roxio, Inc.
OriginalFilename : createcd.exe

#:31 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 1592
ThreadCreationTime : 8-27-2004 7:05:43 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:32 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 1600
ThreadCreationTime : 8-27-2004 7:05:43 PM
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:33 [shstat.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1464
ThreadCreationTime : 8-27-2004 7:05:44 PM
BasePriority : Normal


#:34 [em_exec.exe]
FilePath : C:\Program Files\Logitech\MouseWare\system\
ProcessID : 1548
ThreadCreationTime : 8-27-2004 7:05:45 PM
BasePriority : Normal
FileVersion : 9.76.046
ProductVersion : 9.76.046
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:35 [updaterui.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 1220
ThreadCreationTime : 8-27-2004 7:05:46 PM
BasePriority : Normal
FileVersion : 3.0.0.595
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2002 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:36 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1500
ThreadCreationTime : 8-27-2004 7:05:48 PM
BasePriority : Normal
FileVersion : 6.14.10.4000
ProductVersion : 6.14.10.4000
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:37 [aircfg.exe]
FilePath : C:\Program Files\D-Link\Air Utility\
ProcessID : 1288
ThreadCreationTime : 8-27-2004 7:05:51 PM
BasePriority : Normal
FileVersion : 3, 1, 5, 30626
ProductVersion : 3, 1, 5, 30626
ProductName : Wireless LAN Monitor
CompanyName : D-Link
FileDescription : D-Link Wireless LAN Monitor
InternalName : WlanMonitor
LegalCopyright : Copyright 2002©, D-Link. All Rights Reserved.
LegalTrademarks : D-Link
OriginalFilename : WlanMon.EXE

#:38 [spysweeper.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ProcessID : 1580
ThreadCreationTime : 8-27-2004 7:05:55 PM
BasePriority : Normal
FileVersion : 3.0.0.129
ProductVersion : 3.0i
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:39 [ctfmon.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1228
ThreadCreationTime : 8-27-2004 7:05:56 PM
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:40 [wcescomm.exe]
FilePath : C:\Program Files\Microsoft ActiveSync\
ProcessID : 1616
ThreadCreationTime : 8-27-2004 7:05:58 PM
BasePriority : Normal
FileVersion : 3.7.1.4034
ProductVersion : 3.7.4034
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:41 [msoffice.exe]
FilePath : C:\Program Files\Microsoft Office\Office10\
ProcessID : 1668
ThreadCreationTime : 8-27-2004 7:06:05 PM
BasePriority : Normal


#:42 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 1180
ThreadCreationTime : 8-27-2004 7:06:35 PM
BasePriority : Normal


#:43 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 756
ThreadCreationTime : 8-27-2004 7:37:02 PM
BasePriority : Normal
FileVersion : 6.2.0.162
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\9.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\clipart gallery\2.0\mrudescription
Description : most recently used description in microsoft clipart gallery


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Documents and Settings\pxc03\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\pxc03\recent
Description : list of recently opened documents



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 33




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33

3:42:21 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:03.668
Objects scanned:65854
Objects identified:0
Objects ignored:0
New critical objects:0

#52
bondzai

Looks very good sir. Thanks a million. Where do I donate? Do you think I am clean?

#53
Hemal

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
You look pretty sparkling clean to me - I'm sure one of the other mods will come by and make sure that you're OK.

To donate, there will be a link in my signature - just follow the instructions. We really appreciate your contribution.

#54
admin


man, they would pay you a gazillion dollars to work there

I'll take it! :D

Congratulations! Your system is CLEAN <_<

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program, like a missing file, see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.geekstogo...tion=show&id=12

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer; almost every exploit is crafted to take advantage of an IE weakness. We usually recommend Firefox.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine.

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. :D

#55
bondzai

Where from in CT? I am originally from Simsbury and lived in West Hartford before moving to Oz... (Kansas)....

#56
Hemal

Next town over - your rivals <_< lol

It's so funny to find someone like this.

#57
bondzai

OK, I donated and got SpywareBlaster, but Sun's Java won't install with either Firefox or Explorer.

#58
admin

Thanks from all Geeks to Go members for the generous donation! <_<

Did you try installing Java here? http://java.com/en/index.jsp

What kind of errors are you getting?

#59
bondzai

When I get back on the laptop I will try again.

Thanks so much for cleaning out that CWS_NS3

Webroot and Lavasoft and the others were unable to do what you did.

Thanks Again!

#60
bondzai

My Spy Sweeper says I am clean, but the new Lavasoft Ad-Aware SE says:

Lavasoft Ad-Aware Personal Build 1.03
Logfile created on:Tuesday, August 31, 2004 9:07:15 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R6 30.08.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):20 total references
MRU List(TAC index:0):34 total references
Tracking Cookie(TAC index:3):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


8-31-2004 9:07:15 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-1000\software\microsoft\office\9.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-3318501174-95796947-4237620017-