Yet again, finished. There was a folder from Kazaa Lite (also uninstalled) still in the program files, so I deleted that too.
********
1:38 PM: |··· Start of Session, Saturday, August 06, 2005 ···|
1:38 PM: Spy Sweeper started
1:38 PM: Sweep initiated using definitions version 511
1:38 PM: Starting Memory Sweep
1:43 PM: Memory Sweep Complete, Elapsed Time: 00:04:17
1:43 PM: Starting Registry Sweep
1:43 PM: Found Adware: apropos
1:43 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\aprps\ (7 subtraces) (ID = 103740)
1:43 PM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
1:43 PM: Found Adware: begin2search
1:43 PM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
1:43 PM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
1:43 PM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
1:43 PM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
1:43 PM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
1:43 PM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
1:43 PM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
1:43 PM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
1:43 PM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
1:43 PM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
1:43 PM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
1:43 PM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
1:43 PM: Found Adware: begin2search hijack
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1006\software\microsoft\internet explorer\ || searchurl (ID = 104274)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1010\software\microsoft\internet explorer\ || searchurl (ID = 104274)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1010\software\microsoft\internet explorer\search\ || searchassistant (ID = 104278)
1:43 PM: Found Adware: bookedspace
1:43 PM: HKLM\software\configuration manager\cfgmgr52\ (110 subtraces) (ID = 104873)
1:43 PM: HKLM\software\microsoft\windows\currentversion\run\ || cfgmgr52 (ID = 104883)
1:43 PM: Found Adware: cas
1:43 PM: HKCR\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105366)
1:43 PM: HKLM\software\classes\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105369)
1:43 PM: Found Adware: coolsavings
1:43 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
1:43 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
1:43 PM: Found Adware: daily toolbar
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1006\software\nix solutions\animetoolbar\ (2 subtraces) (ID = 124630)
1:43 PM: Found Adware: elitebar
1:43 PM: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
1:43 PM: Found Adware: elitebar searchmiracle hijacker
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\internet explorer\ || searchurl (ID = 125775)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\internet explorer\main\ || search page (ID = 125777)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\internet explorer\main\ || search bar (ID = 125778)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\internet explorer\search\ || searchassistant (ID = 125779)
1:43 PM: Found Adware: drsnsrch.com hijack
1:43 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
1:43 PM: Found Adware: 180search assistant/zango
1:43 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ncaseinstaller.dll (ID = 135764)
1:43 PM: Found Trojan Horse: trojan-downloader-pacisoft
1:43 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\psof1\ (16 subtraces) (ID = 136530)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1006\software\psof1\ (9 subtraces) (ID = 136530)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\psof1\ (14 subtraces) (ID = 136530)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1010\software\psof1\ (2 subtraces) (ID = 136530)
1:43 PM: Found Adware: surfsidekick
1:43 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
1:43 PM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
1:43 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
1:43 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
1:43 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\surfsidekick3\ (2 subtraces) (ID = 143412)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\surfsidekick3\ (3 subtraces) (ID = 143412)
1:43 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
1:43 PM: Found Adware: syncroad
1:43 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/syncroadx.dll\ (2 subtraces) (ID = 143513)
1:43 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\syncroadx.dll (ID = 143515)
1:43 PM: Found Trojan Horse: trojan-downloader-topinstalls
1:43 PM: HKLM\software\microsoft\windows\currentversion\run\ || wintask driver (ID = 144815)
1:43 PM: Found Adware: abetterinternet
1:43 PM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\cas\client\ (11 subtraces) (ID = 359309)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\windows\currentversion\run\ || cas client (ID = 359312)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1006\software\aurora\ (18 subtraces) (ID = 360174)
1:43 PM: Found Adware: shopnavupdater
1:43 PM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 491138)
1:43 PM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 491147)
1:43 PM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 491156)
1:43 PM: HKCR\dsrch.band.1\ (3 subtraces) (ID = 491215)
1:43 PM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 491224)
1:43 PM: HKLM\software\classes\dsrch.band.1\ (3 subtraces) (ID = 491285)
1:43 PM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 491294)
1:43 PM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 491303)
1:43 PM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 491312)
1:43 PM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 491321)
1:43 PM: Found Adware: drsnsrch hijacker
1:43 PM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
1:43 PM: HKCR\dsrch.bottomframe\ (5 subtraces) (ID = 509135)
1:43 PM: HKCR\dsrch.leftframe\ (5 subtraces) (ID = 509136)
1:43 PM: HKCR\dsrch.popupbrowser\ (5 subtraces) (ID = 509137)
1:43 PM: HKCR\dsrch.popupwindow\ (5 subtraces) (ID = 509138)
1:43 PM: HKCR\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509139)
1:43 PM: HKCR\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509140)
1:43 PM: HKCR\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509141)
1:44 PM: HKCR\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509142)
1:44 PM: Found Adware: ieplugin
1:44 PM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
1:44 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\dsrch\ (11 subtraces) (ID = 509156)
1:44 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\dsrch\ (4 subtraces) (ID = 509156)
1:44 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1010\software\dsrch\ (2 subtraces) (ID = 509156)
1:44 PM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
1:44 PM: HKLM\software\classes\dsrch.bottomframe\ (5 subtraces) (ID = 509172)
1:44 PM: HKLM\software\classes\dsrch.leftframe\ (5 subtraces) (ID = 509179)
1:44 PM: HKLM\software\classes\dsrch.popupbrowser\ (5 subtraces) (ID = 509185)
1:44 PM: HKLM\software\classes\dsrch.popupwindow\ (5 subtraces) (ID = 509191)
1:44 PM: HKLM\software\classes\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509198)
1:44 PM: HKLM\software\classes\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509210)
1:44 PM: HKLM\software\classes\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509224)
1:44 PM: HKLM\software\classes\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509238)
1:44 PM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
1:44 PM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
1:44 PM: HKCR\dsrch.bottomframe\clsid\ (1 subtraces) (ID = 509363)
1:44 PM: HKCR\dsrch.bottomframe\curver\ (1 subtraces) (ID = 509364)
1:44 PM: HKCR\dsrch.leftframe\clsid\ (1 subtraces) (ID = 509365)
1:44 PM: HKCR\dsrch.leftframe\curver\ (1 subtraces) (ID = 509366)
1:44 PM: HKCR\dsrch.popupbrowser\clsid\ (1 subtraces) (ID = 509367)
1:44 PM: HKCR\dsrch.popupbrowser\curver\ (1 subtraces) (ID = 509368)
1:44 PM: HKCR\dsrch.popupwindow\clsid\ (1 subtraces) (ID = 509369)
1:44 PM: HKCR\dsrch.popupwindow\curver\ (1 subtraces) (ID = 509370)
1:44 PM: HKCR\dsrch.band.1\ (3 subtraces) (ID = 512692)
1:44 PM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 512699)
1:44 PM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 512706)
1:44 PM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 512713)
1:44 PM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 512720)
1:44 PM: HKCR\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 512747)
1:44 PM: HKLM\software\classes\dsrch.band.1\ (3 subtraces) (ID = 513072)
1:44 PM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 513076)
1:44 PM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 513080)
1:44 PM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 513084)
1:44 PM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 513088)
1:44 PM: HKLM\software\classes\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 513114)
1:44 PM: Found Adware: rich editor
1:44 PM: HKCR\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 544813)
1:44 PM: HKCR\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 544913)
1:44 PM: HKLM\software\classes\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 550504)
1:44 PM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrd\ (2 subtraces) (ID = 550562)
1:44 PM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrup\ (2 subtraces) (ID = 550565)
1:44 PM: HKLM\software\classes\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 550573)
1:44 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\lanbrup.exe\ (1 subtraces) (ID = 552678)
1:44 PM: Registry Sweep Complete, Elapsed Time:00:00:48
1:44 PM: Starting Cookie Sweep
1:44 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:44 PM: Starting File Sweep
1:44 PM: c:\program files\windows syncroad (ID = -2147480177)
1:44 PM: Found Adware: savenow - whenusave
1:44 PM: c:\documents and settings\dan 3rd\start menu\programs\whenu (3 subtraces) (ID = -2147480383)
1:44 PM: Found Trojan Horse: trojan-downloader-bookedspace
1:44 PM: c:\windows\cfgmgr52 (4 subtraces) (ID = -2147479590)
1:45 PM: Found Adware: windows afa internet enhancement
1:45 PM: a0088336.exe (ID = 90525)
1:45 PM: Found Adware: bonzi buddy
1:45 PM: bbshortcut.ico (ID = 51620)
1:45 PM: Found Adware: downloadware
1:45 PM: webinstall.exe (ID = 59312)
1:46 PM: Found Adware: parisvoyeur dialer
1:46 PM: a0087955.ico (ID = 71884)
1:49 PM: a0088287.dll (ID = 122356)
1:51 PM: sskknwrd.dll (ID = 77733)
1:59 PM: a0088271.exe (ID = 120996)
1:59 PM: zango.lnk (ID = 91109)
1:59 PM: zango.lnk (ID = 91109)
1:59 PM: a0088198.ico (ID = 51033)
1:59 PM: a0088350.dll (ID = 120160)
1:59 PM: a0088288.dll (ID = 121034)
1:59 PM: Found Adware: bargain buddy
1:59 PM: installer_marketing48x.exe (ID = 116175)
1:59 PM: installer_marketing48x.exe (ID = 116175)
2:00 PM: winb2s33.dll (ID = 51081)
2:00 PM: a0088206.ico (ID = 51033)
2:01 PM: Found Adware: netpal
2:01 PM: big fish games.url (ID = 70885)
2:01 PM: flyordie games.url (ID = 70890)
2:01 PM: osd1a2b.osd (ID = 57398)
2:01 PM: belt.inf (ID = 83154)
2:01 PM: File Sweep Complete, Elapsed Time: 00:17:28
2:01 PM: Full Sweep has completed. Elapsed time 00:22:48
2:01 PM: Traces Found: 793
2:21 PM: Removal process initiated
2:22 PM: Quarantining All Traces: apropos
2:22 PM: Quarantining All Traces: begin2search
2:22 PM: Quarantining All Traces: begin2search hijack
2:22 PM: Quarantining All Traces: bookedspace
2:22 PM: Quarantining All Traces: cas
2:22 PM: Quarantining All Traces: coolsavings
2:22 PM: Quarantining All Traces: daily toolbar
2:22 PM: Quarantining All Traces: elitebar
2:22 PM: Quarantining All Traces: elitebar searchmiracle hijacker
2:22 PM: Quarantining All Traces: drsnsrch.com hijack
2:22 PM: Quarantining All Traces: 180search assistant/zango
2:22 PM: Quarantining All Traces: trojan-downloader-pacisoft
2:22 PM: Quarantining All Traces: surfsidekick
2:22 PM: Quarantining All Traces: syncroad
2:22 PM: Quarantining All Traces: trojan-downloader-topinstalls
2:22 PM: Quarantining All Traces: abetterinternet
2:22 PM: Quarantining All Traces: shopnavupdater
2:22 PM: Quarantining All Traces: drsnsrch hijacker
2:22 PM: Quarantining All Traces: ieplugin
2:22 PM: Quarantining All Traces: rich editor
2:22 PM: Quarantining All Traces: savenow - whenusave
2:22 PM: Quarantining All Traces: trojan-downloader-bookedspace
2:22 PM: Quarantining All Traces: windows afa internet enhancement
2:22 PM: Quarantining All Traces: bonzi buddy
2:22 PM: Quarantining All Traces: downloadware
2:22 PM: Quarantining All Traces: parisvoyeur dialer
2:22 PM: Quarantining All Traces: bargain buddy
2:22 PM: Quarantining All Traces: netpal
2:22 PM: Removal process completed. Elapsed time 00:00:50
********
1:38 PM: |··· Start of Session, Saturday, August 06, 2005 ···|
1:38 PM: Spy Sweeper started
1:38 PM: Sweep initiated using definitions version 511
1:38 PM: Starting Memory Sweep
1:38 PM: Sweep Canceled
1:38 PM: Memory Sweep Complete, Elapsed Time: 00:00:18
1:38 PM: Traces Found: 0
1:38 PM: |··· End of Session, Saturday, August 06, 2005 ···|
********
1:35 PM: |··· Start of Session, Saturday, August 06, 2005 ···|
1:35 PM: Spy Sweeper started
1:35 PM: Your spyware definitions have been updated.
1:38 PM: |··· End of Session, Saturday, August 06, 2005 ···|
Logfile of HijackThis v1.99.1
Scan saved at 2:25:56 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\drivers\ACMonitor_X73.exe
C:\WINDOWS\system32\devldr32.exe
C:\drivers\AcBtnMgr_X73.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLHOS~1.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis (this is ok)\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.comcast.netR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] c:\drivers\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] c:\drivers\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117673277\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\system32\lanbrup.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {54E891A8-8D88-4B02-B75A-D87ECA896DFA} -
http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {C1436375-774A-47AA-8076-89E106C39987} -
http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {F1CA8DB3-3EC4-4995-921F-F033A9343988} -
http://www.comcast.net/memberservices/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) -
http://survey.otxres...m/Preloader.dllO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/viewers/ipixx.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://download.mcaf...84/mcinsctl.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1096383738309O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) -
http://das.microsoft...tail/DASAct.cabO16 - DPF: {94418D7F-29BF-460F-8614-DEFB34871FA4} -
https://secure2.true.../TrueConfig.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
http://zone.msn.com/...me/ZAxRcMgr.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/...ro.cab32846.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://download.mcaf...,21/mcgdmgr.cabO16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -
http://www.verizon.n...tivePreQual.cabO16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -
http://www.live365.c...ers/play365.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec....sa/SymAData.cabO16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) -
http://www2.verizon....es/vzWebIns.CABO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://zone.msn.com/...aploader_v5.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{A4D37956-3E46-4847-9000-9D2315E8D252}: NameServer = 209.137.171.10,209.137.171.20
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Harmony - Unknown owner - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe