Thanks for your help! Here are the logs you requested:
Spy Sweeper Log:
********
9:40 AM: |··· Start of Session, Saturday, August 06, 2005 ···|
9:40 AM: Spy Sweeper started
9:40 AM: Sweep initiated using definitions version 511
9:40 AM: Starting Memory Sweep
9:40 AM: Memory Sweep Complete, Elapsed Time: 00:00:41
9:40 AM: Starting Registry Sweep
9:40 AM: Found Adware: esyndicate bho
9:40 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\esyn\ (7 subtraces) (ID = 125844)
9:40 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\esyn\ (7 subtraces) (ID = 125844)
9:41 AM: Found Adware: ieplugin
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\intexp\ (2 subtraces) (ID = 128173)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\intexp\ (13 subtraces) (ID = 128173)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1009\software\intexp\ (12 subtraces) (ID = 128173)
9:41 AM: Found Adware: drsnsrch.com hijack
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1009\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
9:41 AM: Found Adware: instafinder
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\instafin\ (13 subtraces) (ID = 128665)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\instafin\ (10 subtraces) (ID = 128665)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1009\software\instafin\ (7 subtraces) (ID = 128665)
9:41 AM: Found Adware: internetoptimizer
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\avenue media\ (ID = 128887)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\avenue media\ (ID = 128887)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\policies\avenue media\ (ID = 128928)
9:41 AM: Found Adware: istbar
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\ist\ (4 subtraces) (ID = 129108)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\ist\ (4 subtraces) (ID = 129108)
9:41 AM: HKLM\software\istbar\ (7 subtraces) (ID = 129110)
9:41 AM: Found Adware: 180search assistant/zango
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\sais\ (16 subtraces) (ID = 135790)
9:41 AM: Found Adware: powerscan
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\powerscan\ (1 subtraces) (ID = 136823)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\powerscan\ (1 subtraces) (ID = 136823)
9:41 AM: HKLM\software\microsoft\windows\currentversion\uninstall\power scan\ (2 subtraces) (ID = 136826)
9:41 AM: Found Adware: roings search enhancment
9:41 AM: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (23 subtraces) (ID = 140032)
9:41 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\ (2 subtraces) (ID = 140081)
9:41 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\ (3 subtraces) (ID = 140082)
9:41 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\ (1 subtraces) (ID = 140083)
9:41 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\ (1 subtraces) (ID = 140084)
9:41 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\ (1 subtraces) (ID = 140085)
9:41 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\ (1 subtraces) (ID = 140086)
9:41 AM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140131)
9:41 AM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140223)
9:41 AM: Found Adware: bho_sep
9:41 AM: HKU\S-1-5-18\software\sep\ (8 subtraces) (ID = 141642)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\sep\ (9 subtraces) (ID = 141642)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\sep\ (9 subtraces) (ID = 141642)
9:41 AM: Found Adware: bho_sidefind
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (1 subtraces) (ID = 141777)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (1 subtraces) (ID = 141777)
9:41 AM: HKU\S-1-5-21-4062979932-1903605263-4177129089-500\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
9:41 AM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
9:41 AM: Found Adware: shopnav.com hijacker
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\microsoft\internet explorer\searchurl\ (2 subtraces) (ID = 142268)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1009\software\microsoft\internet explorer\searchurl\ (2 subtraces) (ID = 142268)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\microsoft\internet explorer\main\ || search page (ID = 142269)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1009\software\microsoft\internet explorer\main\ || search page (ID = 142269)
9:41 AM: Found Trojan Horse: topconverting downloader
9:41 AM: HKLM\software\classes\tpusn\ (1 subtraces) (ID = 143805)
9:41 AM: HKCR\tpusn\ (1 subtraces) (ID = 143835)
9:41 AM: Found Adware: abetterinternet
9:41 AM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
9:41 AM: Found Adware: webrebates
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1009\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
9:41 AM: Found Adware: websearch toolbar
9:41 AM: HKCR\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (7 subtraces) (ID = 146339)
9:41 AM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (7 subtraces) (ID = 146402)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146464)
9:41 AM: HKLM\software\microsoft\windows\currentversion\uninstall\wintools_esies\ (4 subtraces) (ID = 146511)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\toolbar\ (1 subtraces) (ID = 146513)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\wintools\ (11 subtraces) (ID = 146514)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\wintools\ (13 subtraces) (ID = 146514)
9:41 AM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\wintools\URLSearchHooks (ID = 146545)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\wintools\URLSearchHooks (ID = 146545)
9:41 AM: Found Adware: wildmedia
9:41 AM: HKLM\software\microsoft\windows\currentversion\uninstall\wbcm\ (4 subtraces) (ID = 146959)
9:41 AM: Found Adware: yoursitebar
9:41 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
9:41 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
9:41 AM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (7 subtraces) (ID = 155047)
9:41 AM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\ (5 subtraces) (ID = 155058)
9:41 AM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}\ (1 subtraces) (ID = 155060)
9:41 AM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}\ (1 subtraces) (ID = 155062)
9:41 AM: Found Adware: surf accuracy
9:41 AM: HKLM\software\sacc\ (5 subtraces) (ID = 203068)
9:41 AM: HKLM\software\microsoft\windows\currentversion\uninstall\sacc\ (2 subtraces) (ID = 203070)
9:41 AM: Found Adware: winad
9:41 AM: HKLM\software\media gateway\ (7 subtraces) (ID = 359545)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1007\software\aurora\ (29 subtraces) (ID = 360174)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\aurora\ (28 subtraces) (ID = 360174)
9:41 AM: HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 392934)
9:41 AM: Registry Sweep Complete, Elapsed Time:00:00:18
9:41 AM: Starting Cookie Sweep
9:41 AM: Found Spy Cookie: yieldmanager cookie
9:41 AM: [email protected][1].txt (ID = 3751)
9:41 AM: Found Spy Cookie: starpulse cookie
9:41 AM: [email protected][2].txt (ID = 3440)
9:41 AM: Found Spy Cookie: atwola cookie
9:41 AM: administrator@atwola[1].txt (ID = 2255)
9:41 AM: Found Spy Cookie: com.com cookie
9:41 AM: administrator@com[2].txt (ID = 2445)
9:41 AM: Found Spy Cookie: go.com cookie
9:41 AM: administrator@go[1].txt (ID = 2728)
9:41 AM: Found Spy Cookie: realmedia cookie
9:41 AM: administrator@realmedia[1].txt (ID = 3235)
9:41 AM: Found Spy Cookie: onestat.com cookie
9:41 AM: [email protected][2].txt (ID = 3098)
9:41 AM: Found Spy Cookie: paypal cookie
9:41 AM: [email protected][1].txt (ID = 3118)
9:41 AM: Found Spy Cookie: 2o7.net cookie
9:41 AM: authorized user@2o7[1].txt (ID = 1957)
9:41 AM: Found Spy Cookie: advertising cookie
9:41 AM: authorized user@advertising[2].txt (ID = 2175)
9:41 AM: Found Spy Cookie: servedby advertising cookie
9:41 AM: authorized [email protected][1].txt (ID = 3335)
9:41 AM: libby@2o7[1].txt (ID = 1957)
9:41 AM: Found Spy Cookie: tribalfusion cookie
9:41 AM: [email protected][1].txt (ID = 3590)
9:41 AM: Found Spy Cookie: about cookie
9:41 AM: libby@about[2].txt (ID = 2037)
9:41 AM: Found Spy Cookie: adrevolver cookie
9:41 AM: libby@adrevolver[1].txt (ID = 2088)
9:41 AM: libby@adrevolver[2].txt (ID = 2088)
9:41 AM: Found Spy Cookie: addynamix cookie
9:41 AM: [email protected][1].txt (ID = 2062)
9:41 AM: libby@advertising[2].txt (ID = 2175)
9:41 AM: Found Spy Cookie: ask cookie
9:41 AM: libby@ask[1].txt (ID = 2245)
9:41 AM: Found Spy Cookie: atlas dmt cookie
9:41 AM: libby@atdmt[2].txt (ID = 2253)
9:41 AM: Found Spy Cookie: belnk cookie
9:41 AM: [email protected][2].txt (ID = 2293)
9:41 AM: Found Spy Cookie: banner cookie
9:41 AM: libby@banner[1].txt (ID = 2276)
9:41 AM: libby@belnk[1].txt (ID = 2292)
9:41 AM: Found Spy Cookie: casalemedia cookie
9:41 AM: libby@casalemedia[1].txt (ID = 2354)
9:41 AM: libby@com[2].txt (ID = 2445)
9:41 AM: [email protected][2].txt (ID = 2293)
9:41 AM: Found Spy Cookie: fastclick cookie
9:41 AM: libby@fastclick[2].txt (ID = 2651)
9:41 AM: libby@go[1].txt (ID = 2728)
9:41 AM: [email protected][1].txt (ID = 2729)
9:41 AM: Found Spy Cookie: valuead cookie
9:41 AM: [email protected][2].txt (ID = 3627)
9:41 AM: Found Spy Cookie: questionmarket cookie
9:41 AM: libby@questionmarket[1].txt (ID = 3217)
9:41 AM: libby@realmedia[2].txt (ID = 3235)
9:41 AM: [email protected][1].txt (ID = 3335)
9:41 AM: [email protected][1].txt (ID = 2038)
9:41 AM: Found Spy Cookie: statstracking cookie
9:41 AM: libby@stats-tracking[2].txt (ID = 3453)
9:41 AM: Found Spy Cookie: targetnet cookie
9:41 AM: libby@targetnet[1].txt (ID = 3489)
9:41 AM: Found Spy Cookie: trafficmp cookie
9:41 AM: libby@trafficmp[1].txt (ID = 3581)
9:41 AM: libby@tribalfusion[1].txt (ID = 3589)
9:41 AM: ted@advertising[2].txt (ID = 2175)
9:41 AM: [email protected][1].txt (ID = 3335)
9:41 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03
9:41 AM: Starting File Sweep
9:41 AM: c:\documents and settings\libby\start menu\programs\power scan (1 subtraces) (ID = -2147480462)
9:41 AM: Found Adware: shopathomeselect
9:41 AM: c:\windows\system32\sahimages (8 subtraces) (ID = -2147480329)
9:41 AM: Found Trojan Horse: 2nd-thought
9:41 AM: c:\windows\system32\newmsrdk (ID = -2147481534)
9:41 AM: c:\documents and settings\authorized user\start menu\programs\power scan (1 subtraces) (ID = -2147480462)
9:42 AM: Found Adware: apropos
9:42 AM: exec.exe (ID = 50118)
9:42 AM: wbcmuninst_helper.exe (ID = 88922)
9:42 AM: wbcmuninst.exe (ID = 88921)
9:42 AM: Found Adware: dealhelper
9:42 AM: tpujmck2.xml (ID = 57648)
9:43 AM: tpujmcu.xml (ID = 57649)
9:44 AM: power scan.lnk (ID = 72676)
9:44 AM: power scan.lnk (ID = 72676)
9:45 AM: Found Adware: clearsearch
9:45 AM: 66708108.txt (ID = 116398)
9:45 AM: npzango.dll (ID = 107552)
9:45 AM: Found Adware: redvpopup
9:45 AM: tarball.wav (ID = 73686)
9:46 AM: tpujmcu2.xml (ID = 57651)
9:46 AM: tpujmck.xml (ID = 57646)
9:46 AM: tpujmck1.xml (ID = 57647)
9:46 AM: tpujmcu1.xml (ID = 57650)
9:48 AM: Found Adware: sexfiles dialers
9:48 AM: dating.lnk (ID = 75396)
9:48 AM: dating.lnk (ID = 75396)
9:48 AM: power scan.lnk (ID = 72676)
9:48 AM: dating.lnk (ID = 75396)
9:48 AM: dc56.txt (ID = 90430)
9:48 AM: tarball.wav (ID = 73686)
9:48 AM: tpujmcdk.xml (ID = 57645)
9:48 AM: 23353442.bin (ID = 116395)
9:48 AM: 40754594.txt (ID = 52512)
9:48 AM: 67599164.bin (ID = 52512)
9:48 AM: Warning: Failed to read file "c:\documents and settings\ted\local settings\temp\~df3abb.tmp". System Error. Code: 2.
The system cannot find the file specified
9:48 AM: Warning: Failed to read file "c:\documents and settings\ted\local settings\temp\~df9b3a.tmp". System Error. Code: 2.
The system cannot find the file specified
9:48 AM: sepsd.bin (ID = 75367)
9:48 AM: File Sweep Complete, Elapsed Time: 00:07:29
9:48 AM: Full Sweep has completed. Elapsed time 00:08:36
9:48 AM: Traces Found: 497
9:50 AM: Removal process initiated
9:50 AM: Quarantining All Traces: esyndicate bho
9:51 AM: Quarantining All Traces: ieplugin
9:51 AM: Quarantining All Traces: drsnsrch.com hijack
9:51 AM: Quarantining All Traces: instafinder
9:51 AM: Quarantining All Traces: internetoptimizer
9:51 AM: Quarantining All Traces: istbar
9:51 AM: Quarantining All Traces: 180search assistant/zango
9:51 AM: Quarantining All Traces: powerscan
9:51 AM: Quarantining All Traces: roings search enhancment
9:52 AM: Quarantining All Traces: bho_sep
9:52 AM: Quarantining All Traces: bho_sidefind
9:52 AM: Quarantining All Traces: shopnav.com hijacker
9:52 AM: Quarantining All Traces: topconverting downloader
9:52 AM: Quarantining All Traces: abetterinternet
9:53 AM: Quarantining All Traces: webrebates
9:53 AM: Quarantining All Traces: websearch toolbar
9:53 AM: Warning: Quarantine could not read registry value for HKU\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\microsoft\internet explorer\toolbar\webbrowser\{339bb23f-a864-48c0-a59f-29ea915965ec}\. Failed to export registry value "WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\microsoft\internet explorer\toolbar\webbrowser\{339bb23f-a864-48c0-a59f-29ea915965ec}". Key/Value does not exist
9:53 AM: Warning: Failed to remove "HKEY_USERS\WRSS_Profile_S-1-5-21-4062979932-1903605263-4177129089-1008\software\microsoft\internet explorer\toolbar\webbrowser\{339bb23f-a864-48c0-a59f-29ea915965ec}".
9:53 AM: Quarantining All Traces: wildmedia
9:53 AM: Quarantining All Traces: yoursitebar
9:53 AM: Quarantining All Traces: surf accuracy
9:53 AM: Quarantining All Traces: winad
9:53 AM: Quarantining All Traces: yieldmanager cookie
9:53 AM: Quarantining All Traces: starpulse cookie
9:53 AM: Quarantining All Traces: atwola cookie
9:53 AM: Quarantining All Traces: com.com cookie
9:54 AM: Quarantining All Traces: go.com cookie
9:54 AM: Quarantining All Traces: realmedia cookie
9:54 AM: Quarantining All Traces: onestat.com cookie
9:54 AM: Quarantining All Traces: paypal cookie
9:54 AM: Quarantining All Traces: 2o7.net cookie
9:54 AM: Quarantining All Traces: advertising cookie
9:54 AM: Quarantining All Traces: servedby advertising cookie
9:54 AM: Quarantining All Traces: tribalfusion cookie
9:54 AM: Quarantining All Traces: about cookie
9:54 AM: Quarantining All Traces: adrevolver cookie
9:54 AM: Quarantining All Traces: addynamix cookie
9:54 AM: Quarantining All Traces: ask cookie
9:54 AM: Quarantining All Traces: atlas dmt cookie
9:54 AM: Quarantining All Traces: belnk cookie
9:54 AM: Quarantining All Traces: banner cookie
9:54 AM: Quarantining All Traces: casalemedia cookie
9:55 AM: Quarantining All Traces: fastclick cookie
9:55 AM: Quarantining All Traces: valuead cookie
9:55 AM: Quarantining All Traces: questionmarket cookie
9:55 AM: Quarantining All Traces: statstracking cookie
9:55 AM: Quarantining All Traces: targetnet cookie
9:55 AM: Quarantining All Traces: trafficmp cookie
9:55 AM: Quarantining All Traces: shopathomeselect
9:55 AM: Quarantining All Traces: 2nd-thought
9:55 AM: Quarantining All Traces: apropos
9:55 AM: Quarantining All Traces: dealhelper
9:55 AM: Quarantining All Traces: clearsearch
9:55 AM: Quarantining All Traces: redvpopup
9:55 AM: Quarantining All Traces: sexfiles dialers
9:56 AM: Removal process completed. Elapsed time 00:05:07
********
9:39 AM: |··· Start of Session, Saturday, August 06, 2005 ···|
9:39 AM: Spy Sweeper started
9:39 AM: Program Version 4.0.4 (Build 430) Using Spyware Definitions 511
9:40 AM: |··· End of Session, Saturday, August 06, 2005 ···|
Trend Micro HouseCall Results:
Results:
We have detected 15 infected file(s) with 15 virus(es) on your computer. Only 0 out of 0 infected files are displayed:
- 0 virus(es) passed, 0 virus(es) no action available
- 10 virus(es) cleaned, 0 virus(es) uncleanable
- 5 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken
C:\Documents and Settings\Authorized User\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe PE_BOBAX.AA Clean successful
C:\Documents and Settings\Libby\.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com DOS_AGOBOT.GEN Deletion successful
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe PE_BOBAX.AB Clean successful
C:\Program Files\Messenger\msmsgs.exe PE_BOBAX.AB Clean successful
C:\WINDOWS\SYSTEM32\.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com DOS_AGOBOT.GEN Deletion successful
C:\WINDOWS\SYSTEM32\dgpqfktsw.exe PE_BOBAX.AA Clean successful
C:\WINDOWS\SYSTEM32\gogwda.exe PE_BOBAX.AB-O Deletion successful
C:\WINDOWS\SYSTEM32\hyacvakhmibf.exe PE_BOBAX.AB Clean successful
C:\WINDOWS\SYSTEM32\kbdrv64.sys TROJ_ROOTKIT.K Deletion successful
C:\WINDOWS\SYSTEM32\kckinhnnbdd.exe PE_BOBAX.AB Clean successful
C:\WINDOWS\SYSTEM32\lmvlpjih.exe PE_BOBAX.AA Clean successful
C:\WINDOWS\SYSTEM32\lshxowd.exe PE_BOBAX.AB Clean successful
C:\WINDOWS\SYSTEM32\mswkst32.exe WORM_RBOT.BXW Deletion successful
C:\WINDOWS\SYSTEM32\nbtrsrbw.exe PE_BOBAX.AA Clean successful
C:\WINDOWS\SYSTEM32\qkohcfji.exe PE_BOBAX.AA Clean successful
Trojan/Worm Check 0 worm/Trojan horse deleted
What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed:
- 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name Trojan/Worm Type Action Taken
Spyware Check 1 spyware program removed
What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 1 spyware(s) on your computer. Only 0 out of 0 spywares are displayed:
- 0 spyware(s) passed, 0 spyware(s) no action available
- 1 spyware(s) removed, 0 spyware(s) unremovable
Spyware Name Spyware Type Action Taken
ADW_APROPOS.O Adware Removal successful
Microsoft Vulnerability Check 12 vulnerabilities detected
What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 12 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
Critical This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes. MS04-028
Important A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said Web site, and is able to control it accordingly. The actions that the attacker could take would depend on the specific content being protected. MS05-004
Critical This remote code execution vulnerability exists in the processing of PNG image formats. An attacker who successfully exploits this vulnerability could take complete control of an affected system. MS05-009
Critical This security bulletin resolves the following vulnerabilities affecting Internet Explorer.; The PNG Image Rendering Memory Corruption vulnerability could allow an attacker to execute arbitrary code on the system because of a vulnerability in the way Internet Explorer handles PNG images.; The XML Redirect Information Disclosure vulnerability could allow an attacker to read XML data from another Internet Explorer domain because of a vulnerability in the way Internet Explorer handles certain requests to display XML content. MS05-025
Critical HTML Help is the standard help system for the Windows platform. Authors can use it to create online Help files for a software application or content for a multimedia title or a Web site. This vulnerability in HTML Help could allow attackers to execute arbitrary code on the affected system via a specially crafted Compiled Windows Help (CHM) file, because it does not completely validate input data. MS05-026
Critical A remote code execution vulnerability exists in Microsoft's implementation of the Server Message Block (SMB) protocol, which could allow an attacker to execute arbitrary code to take complete control over a target system. This vulnerability could be exploited over the Internet. An attacker would have to transmit a specially crafted SMB packet to a target system to exploit it. However, failure to successfully exploit the vulnerability could only lead to a denial of service. MS05-027
Important A vulnerability exists in the way that Windows processes Web Client requests, which could allow a remote attacker to execute arbitrary code and take complete control over the affected system. MS05-028
Important A remote code execution vulnerability exists in Outlook Express when it is used as a newsgroup reader. An attacker could exploit this vulnerability by constructing a malicious newsgroup server that could potentially allow remote code execution if a user queried the server for news. MS05-030
Moderate This vulnerability could enable an attacker to spoof trusted Internet content because security prompts can be disguised by a Microsoft Agent character. MS05-032
Moderate This vulnerability in the Microsoft Telnet client could allow an attacker to gain sensitive information about the affected system and read the session variables of users who have open connections to a malicious Telnet server. MS05-033
Critical This vulnerability could allow a remote attacker to execute arbitrary codes on the affected system via a malicious image file in a Web site or email message. This vulnerability exists because of the way Microsoft Color Management Module handles ICC profile format tag validation. MS05-036
Critical A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site. MS05-037
Normal HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:51:48 AM, on 8/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Ted's Stuff\DEATHWARE\HijackThis5\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\TED'SS~1\DEATHW~1\Spybot1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows MsDos Service] winmsdos.exe
O4 - HKLM\..\Run: [MSDOS WINTASK] wintask.exe
O4 - HKLM\..\Run: [Windows Download Manager] C:\WINDOWS\System32\windlmngr.exe
O4 - HKLM\..\Run: [IntelAMD Signal Processor2] C:\WINDOWS\System32\VsTaskMngr.exe
O4 - HKLM\..\RunServices: [Windows MsDos Service] winmsdos.exe
O4 - HKLM\..\RunServices: [MSDOS WINTASK] wintask.exe
O4 - HKLM\..\RunServices: [Windows Download Manager] C:\WINDOWS\System32\windlmngr.exe
O4 - HKLM\..\RunServices: [IntelAMD Signal Processor2] C:\WINDOWS\System32\VsTaskMngr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122737838843
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.bigfishga...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\rofl.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Ted's Stuff\DEATHWARE\Ewido2\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Ted's Stuff\DEATHWARE\Ewido2\security suite\ewidoguard.exe
O23 - Service: Intel Centrino2 - Unknown owner - C:\WINDOWS\System32\VsTaskMngr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Workstation Service Library (Microsoft Locator Service) - Unknown owner - C:\WINDOWS\wkssvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Wireless Connection Configuration (wificonf) - Unknown owner - C:\WINDOWS\mscarrt32.exe (file missing)
O23 - Service: Windows Download Manager - Unknown owner - C:\WINDOWS\System32\windlmngr.exe
O23 - Service: Windows Mess Service - Unknown owner - C:\WINDOWS\winmsd.exe (file missing)
Uninstall List:
ACE-HIGH MP3 WAV WMA OGG Converter
Ad-Aware SE Personal
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
Amateur League Golf
America Online (Choose which version to remove)
America's Army
AOL Coach Version 1.0(Build:20030807.3)
AOL Instant Messenger
CC_ccProxyMSI
CC_ccStart
ccCommon
Chex® Quest
CleanUp!
Dell Support 5.0.0 (766)
Descent 3
Divided
DominateGame 20040711 (dominate)
Enigma
ewido security suite
Feeding Frenzy
Frozen-Bubble 1.0
Gaim (remove only)
Gish
Gish Demo
Google Earth
Google Toolbar for Internet Explorer
GTK+ Runtime 2.4.14 rev a (remove only)
Gubble CD
HijackThis 1.99.1
hp deskjet 990c series (Remove only)
HP Memories Disc
HP Software Update
HyperLoad - Ultimate Bobsled
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
iPod Updater 2004-11-15
iTunes
Java 2 Runtime Environment, SE v1.4.2
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Mickey 1024
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Standard Edition 2003
MinGW 3.1.0
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla (1.7.5)
Mozilla Firefox (1.0)
MSRedist
Myst IV - Revelation
Myst IV - Revelation Demo
myst5ss_800x600 Screen Saver
Neverwinter Nights
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
Ofoto Easy Upload ActiveX Control
Once Upon a Knight
Orbz
Outlook Express Q823353
Photosmart 140,240,7200,7600,7700,7900 Series
Platypus
ProSiteFinder
Python 2.4
QuickTime
ReaConverter Pro 3.4
RealPlayer
Select CashBack
Shockwave
Skype 1.1
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Source Edit 4.0
Spy Sweeper
Spybot - Search & Destroy 1.3.1 TX
SpywareBlaster v3.4
Star Wars®: Knights of the Old Republic
Syberia
Symantec Script Blocking Installer
The GIMP 2.2.4
the HTML TADS Author's Kit
The Longest Journey
TI Connect 1.5
TrojanHunter 4.2
Tunnel version 1.2
Uru - To D'ni Expansion Pack
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Hotfix (SP2) Q818966
WinRAR archiver
WinZip
WordPerfect Office 11
Yahoo! Address AutoComplete
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar