help me please [RESOLVED]


  • This topic is locked

#61
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Reboot and post a new HiJackThis log, please.
  • 0


#62
Caffeine_Powered

    Member

  • Topic Starter
  • 475 posts
ok brb restarting
  • 0

#63
Caffeine_Powered

    Member

  • Topic Starter
  • 475 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:25:13 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\download\Hijackthis scanner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120615593984
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\download\virus scanners and sit\CWShredder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#64
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Run HijackThis. Place a check next to the following item and click FIX CHECKED:

O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll (file missing)

Close HiJackThis. Please run ActiveScan as previously instructed and post the results along with a new HiJackThis log.
  • 0
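
The check behind post #64, as an added example that is not part of the original thread: it parses HijackThis entry lines, lists those marked `(file missing)`, and compares a log taken before a fix with one taken after to confirm the targeted entry is gone. The function names are assumptions made for this illustration; the log lines are excerpted from posts #63 and #67.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    code: str  # section code at the start of the line, e.g. "O4" or "O20"
    text: str  # everything after "CODE - "


# Entry lines have the shape "O20 - Winlogon Notify: name - path".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
MISSING_MARK = "(file missing)"

# Excerpt of the log in post #63 (before the fix).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Excerpt of the log in post #67 (after the fix and the Spy Sweeper install).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""


def parse_entries(log: str) -> List[Entry]:
    """Return the registry/startup entries of a HijackThis log, in log order."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def missing_file_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file was not found on disk: candidates for review,
    not verdicts. A helper still decides which ones to fix."""
    return [e for e in entries if e.text.endswith(MISSING_MARK)]


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, added) entries between two logs, each in log order."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    return removed, added


def fix_applied(before: str, after: str, target_line: str) -> bool:
    """True if target_line was present in the first log and absent from the second."""
    match = ENTRY_RE.match(target_line)
    if match is None:
        raise ValueError("not a HijackThis entry line: %r" % target_line)
    target = Entry(match.group(1), match.group(2))
    return target in parse_entries(before) and target not in parse_entries(after)


# The line post #64 asks the user to check and fix.
TARGET = r"O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll (file missing)"

if __name__ == "__main__":
    for entry in missing_file_entries(parse_entries(LOG_BEFORE)):
        print("review:", entry.code, "-", entry.text)
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", [e.text for e in removed])
    print("added:  ", [e.text for e in added])
    print("fix applied:", fix_applied(LOG_BEFORE, LOG_AFTER, TARGET))
```
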

#65
Caffeine_Powered

    Member

  • Topic Starter
  • 475 posts
I can't get ActiveScan to download; it's giving me a REALLY hard time.
  • 0

#66
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, no problem, let's do this instead:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0

#67
Caffeine_Powered

    Member

  • Topic Starter
  • 475 posts
OK, that spy program worked. It made my comp a lil slow for a lil while, but it's OK now, I believe.

anyway

here ya go

Logfile of HijackThis v1.99.1
Scan saved at 7:25:20 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\download\Hijackthis scanner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120615593984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\download\virus scanners and sit\CWShredder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



spysweeper
********
7:09 PM: |··· Start of Session, Thursday, September 22, 2005 ···|
7:09 PM: Spy Sweeper started
7:09 PM: Sweep initiated using definitions version 539
7:09 PM: Starting Memory Sweep
7:11 PM: Memory Sweep Complete, Elapsed Time: 00:02:28
7:11 PM: Starting Registry Sweep
7:11 PM: Found Adware: ieplugin
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1007\software\intexp\ (12 subtraces) (ID = 128173)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1008\software\intexp\ (12 subtraces) (ID = 128173)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1009\software\intexp\ (8 subtraces) (ID = 128173)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1011\software\intexp\ (11 subtraces) (ID = 128173)
7:11 PM: Found Adware: drsnsrch.com hijack
7:11 PM: HKU\S-1-5-21-914841441-3246352287-1996697109-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1007\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1008\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1009\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1010\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1011\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1007\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1008\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1010\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1007\software\microsoft\internet explorer\main\ || search page (ID = 128207)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1008\software\microsoft\internet explorer\main\ || search page (ID = 128207)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1010\software\microsoft\internet explorer\main\ || search page (ID = 128207)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1007\software\microsoft\internet explorer\searchurl\ (2 subtraces) (ID = 128212)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1008\software\microsoft\internet explorer\searchurl\ (2 subtraces) (ID = 128212)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1010\software\microsoft\internet explorer\searchurl\ (2 subtraces) (ID = 128212)
7:11 PM: Found Adware: internetoptimizer
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1007\software\avenue media\ (ID = 128887)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1011\software\avenue media\ (11 subtraces) (ID = 128887)
7:11 PM: Found Adware: ist software
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1007\software\ist\ (1 subtraces) (ID = 129108)
7:11 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1011\software\ist\ (1 subtraces) (ID = 129108)
7:12 PM: Found Adware: 180search assistant/zango
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1007\software\sais\ (14 subtraces) (ID = 135790)
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1011\software\sais\ (25 subtraces) (ID = 135790)
7:12 PM: Found Adware: neededware
7:12 PM: HKCR\epxactivex.epxactivexctrl.1\ (3 subtraces) (ID = 135812)
7:12 PM: HKLM\software\classes\epxactivex.epxactivexctrl.1\ (3 subtraces) (ID = 135831)
7:12 PM: Found Adware: ist sidefind
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1007\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (1 subtraces) (ID = 141777)
7:12 PM: HKU\S-1-5-21-914841441-3246352287-1996697109-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1011\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
7:12 PM: Found Adware: surfsidekick
7:12 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
7:12 PM: Found Adware: targetsaver
7:12 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)
7:12 PM: Found Adware: targetsoft
7:12 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsl installer\ (1 subtraces) (ID = 143608)
7:12 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsl installer\ (1 subtraces) (ID = 143608)
7:12 PM: Found Adware: ist yoursitebar
7:12 PM: HKU\S-1-5-21-914841441-3246352287-1996697109-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {86227d9c-0efe-4f8a-aa55-30386a3f5686} (ID = 147853)
7:12 PM: Found Adware: surf accuracy
7:12 PM: HKLM\software\sacc\ (8 subtraces) (ID = 203068)
7:12 PM: Found Adware: quicklink search toolbar
7:12 PM: HKCR\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (5 subtraces) (ID = 359437)
7:12 PM: HKLM\software\classes\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (5 subtraces) (ID = 359440)
7:12 PM: HKLM\software\classes\typelib\{ea420048-2898-4110-88c3-1f660b0c7ff3}\ (9 subtraces) (ID = 359443)
7:12 PM: HKCR\typelib\{ea420048-2898-4110-88c3-1f660b0c7ff3}\ (9 subtraces) (ID = 359446)
7:12 PM: HKCR\quicklinks.linktracker.1\ (3 subtraces) (ID = 359448)
7:12 PM: HKCR\quicklinks.linktracker\ (3 subtraces) (ID = 359449)
7:12 PM: HKCR\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359450)
7:12 PM: HKCR\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359451)
7:12 PM: HKLM\software\classes\quicklinks.linktracker.1\ (3 subtraces) (ID = 359452)
7:12 PM: HKLM\software\classes\quicklinks.linktracker\ (3 subtraces) (ID = 359453)
7:12 PM: HKLM\software\classes\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359454)
7:12 PM: HKLM\software\classes\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359455)
7:12 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
7:12 PM: HKLM\software\ql\ (4 subtraces) (ID = 359458)
7:12 PM: Found Adware: abetterinternet
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1007\software\aurora\ (28 subtraces) (ID = 360174)
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1008\software\aurora\ (27 subtraces) (ID = 360174)
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1009\software\aurora\ (28 subtraces) (ID = 360174)
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1010\software\aurora\ (28 subtraces) (ID = 360174)
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1011\software\aurora\ (29 subtraces) (ID = 360174)
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-500\software\aurora\ (26 subtraces) (ID = 360174)
7:12 PM: Found Adware: drsnsrch hijacker
7:12 PM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
7:12 PM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1009\software\dsrch\ (7 subtraces) (ID = 509156)
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1010\software\dsrch\ (11 subtraces) (ID = 509156)
7:12 PM: HKU\WRSS_Profile_S-1-5-21-914841441-3246352287-1996697109-1011\software\dsrch\ (7 subtraces) (ID = 509156)
7:12 PM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
7:12 PM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
7:12 PM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
7:12 PM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
7:12 PM: HKCR\clsid\{df8d3705-03f2-4fd7-9ad2-0c34cc53e064}\ (18 subtraces) (ID = 648904)
7:12 PM: HKCR\typelib\{1b3d786d-540a-43b1-8036-d732a9a33975}\ (9 subtraces) (ID = 648923)
7:12 PM: HKLM\software\classes\typelib\{1b3d786d-540a-43b1-8036-d732a9a33975}\ (9 subtraces) (ID = 648941)
7:12 PM: HKLM\software\classes\clsid\{df8d3705-03f2-4fd7-9ad2-0c34cc53e064}\ (18 subtraces) (ID = 648951)
7:12 PM: HKCR\clsid\{559dc65b-3e9e-4e49-af34-677f78c5a8eb}\ (3 subtraces) (ID = 648983)
7:12 PM: HKLM\software\classes\clsid\{559dc65b-3e9e-4e49-af34-677f78c5a8eb}\ (3 subtraces) (ID = 649032)
7:12 PM: Registry Sweep Complete, Elapsed Time:00:00:10
7:12 PM: Starting Cookie Sweep
7:12 PM: Found Spy Cookie: ask cookie
7:12 PM: owner@ask[1].txt (ID = 2245)
7:12 PM: Found Spy Cookie: atlas dmt cookie
7:12 PM: owner@atdmt[2].txt (ID = 2253)
7:12 PM: Found Spy Cookie: fastclick cookie
7:12 PM: owner@fastclick[1].txt (ID = 2651)
7:12 PM: Found Spy Cookie: questionmarket cookie
7:12 PM: owner@questionmarket[1].txt (ID = 3217)
7:12 PM: Found Spy Cookie: realmedia cookie
7:12 PM: owner@realmedia[2].txt (ID = 3235)
7:12 PM: Found Spy Cookie: reliablestats cookie
7:12 PM: owner@stats1.reliablestats[1].txt (ID = 3254)
7:12 PM: Found Spy Cookie: tribalfusion cookie
7:12 PM: owner@tribalfusion[2].txt (ID = 3589)
7:12 PM: Found Spy Cookie: tripod cookie
7:12 PM: owner@tripod[1].txt (ID = 3591)
7:12 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
7:12 PM: Starting File Sweep
7:12 PM: c:\program files\quick links (2 subtraces) (ID = -2147478145)
7:13 PM: tsuninst.exe (ID = 78276)
7:14 PM: uninst.exe (ID = 73428)
7:15 PM: __p9hepqkbj.exe (ID = 131738)
7:15 PM: preuninstallql.exe (ID = 131326)
7:17 PM: Found Adware: coolwebsearch (cws)
7:17 PM: search the web.url (ID = 54454)
7:17 PM: only sex website.url (ID = 54373)
7:17 PM: seven days of free [bleep].url (ID = 54472)
7:17 PM: credit counseling.url (ID = 130668)
7:17 PM: insurance home.url (ID = 130676)
7:17 PM: mortgage life insurance.url (ID = 130681)
7:17 PM: help desk software.url (ID = 130675)
7:17 PM: ab scissor.url (ID = 130666)
7:17 PM: videos.url (ID = 130694)
7:17 PM: what is hydrocodone.url (ID = 130695)
7:17 PM: online gambling casino.url (ID = 130684)
7:17 PM: refinancing my mortgage.url (ID = 130691)
7:17 PM: debt credit card.url (ID = 130671)
7:17 PM: fha.url (ID = 130673)
7:17 PM: loan for debt consolidation.url (ID = 130677)
7:17 PM: health insurance.url (ID = 130674)
7:17 PM: personal loans online.url (ID = 130688)
7:17 PM: payroll advance.url (ID = 130687)
7:17 PM: marketing email.url (ID = 130679)
7:17 PM: prescription drugs rx online.url (ID = 130690)
7:17 PM: credit report.url (ID = 130669)
7:17 PM: File Sweep Complete, Elapsed Time: 00:05:43
7:17 PM: Full Sweep has completed. Elapsed time 00:08:31
7:17 PM: Traces Found: 794
7:19 PM: Removal process initiated
7:19 PM: Quarantining All Traces: ieplugin
7:19 PM: Quarantining All Traces: drsnsrch.com hijack
7:19 PM: Quarantining All Traces: internetoptimizer
7:19 PM: Quarantining All Traces: ist software
7:19 PM: Quarantining All Traces: 180search assistant/zango
7:19 PM: Quarantining All Traces: neededware
7:19 PM: Quarantining All Traces: ist sidefind
7:19 PM: Quarantining All Traces: surfsidekick
7:19 PM: Quarantining All Traces: targetsaver
7:19 PM: Quarantining All Traces: targetsoft
7:19 PM: Quarantining All Traces: ist yoursitebar
7:19 PM: Quarantining All Traces: surf accuracy
7:19 PM: Quarantining All Traces: quicklink search toolbar
7:19 PM: Quarantining All Traces: abetterinternet
7:19 PM: Quarantining All Traces: drsnsrch hijacker
7:19 PM: Quarantining All Traces: ask cookie
7:19 PM: Quarantining All Traces: atlas dmt cookie
7:19 PM: Quarantining All Traces: fastclick cookie
7:19 PM: Quarantining All Traces: questionmarket cookie
7:19 PM: Quarantining All Traces: realmedia cookie
7:19 PM: Quarantining All Traces: reliablestats cookie
7:19 PM: Quarantining All Traces: tribalfusion cookie
7:19 PM: Quarantining All Traces: tripod cookie
7:19 PM: Quarantining All Traces: coolwebsearch (cws)
7:21 PM: Removal process completed. Elapsed time 00:01:52
********
7:08 PM: |··· Start of Session, Thursday, September 22, 2005 ···|
7:08 PM: Spy Sweeper started
7:09 PM: |··· End of Session, Thursday, September 22, 2005 ···|
  • 0

#68
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please download remzmmf.zip from here: Attached File remzmmf.zip (185 bytes, 40 downloads)

Unzip it to your desktop.

Go into the remzmmf folder and double-click remzmmf.reg and when asked if you want to merge with the registry click YES.

*Open HijackThis.
*Click on None of the above, just start the program
*Click Config (bottom right)
*Click Misc Tools
*Click Open Uninstall Manager
*Click Save List - Save it anywhere.
*A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.
  • 0

#69
Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • 475 posts
here ya go

Ad-Aware SE Personal
Adobe Reader 6.0
AOL Instant Messenger
ArcSoft ShowBiz 2
aspi
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
CC_ccStart
ccCommon
CCHelp
CCScore
CleanUp!
Dimera 2000_3500
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSvpaht
ESSvpot
ewido security suite
Excavation from Hewlett-Packard Desktops (remove only)
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
Google Earth
Half-Life
Half-Life Standard SDK 2.0
HijackThis 1.99.1
hp deskjet 3600 series
HP Deskjet Preloaded Printer Drivers
HP Instant Support
HP Organize
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
HPIZ311
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
Java 2 Runtime Environment, SE v1.4.2
KBD
Kodak EasyShare software
KSU
LeadTool
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Standard Edition 2003
Microsoft Office XP Small Business
Microsoft Plus! Digital Media Edition
Microsoft Works 7.0
MSN Music Assistant
MSRedist
Multimedia Card Reader
MUSICMATCH® Jukebox
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Notifier
NVIDIA GART Driver
Orbital from Hewlett-Packard Desktops (remove only)
OTtBP
Otto from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
Panda ActiveScan
PCDADDIN
PCDHELP
PCDLNCH
PC-Doctor for Windows
PCDrdsho
Photosmart 140,240,7200,7600,7700,7900 Series
PopSubtract
Pop-Up Stopper Free Edition
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
RealOne Player
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
SFR
SFR2
Sierra Utilities
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager
SpamSubtract
Spy Sweeper
Steam
Sven Co-op 3.0
Symantec Script Blocking Installer
SymNet
toolkit
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Updates from HP
USB MassStorage CardReader
Ventrilo Client
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Media Player
WeatherBug
West Point Bridge Designer 2005
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Worldcraft 3
  • 0

#70
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
One more thing to do:

Please download fixme.zip from here: Attached File fixme.zip (189 bytes, 40 downloads)
Unzip it to your desktop and double-click fixme.bat

Then please post a new HiJackThis log. :tazz:
  • 0

#71
Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • 475 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:49:17 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\download\Hijackthis scanner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120615593984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\download\virus scanners and sit\CWShredder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#72
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Any other problems and what is it you are wanting to ask? :tazz:
  • 0

#73
Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • 475 posts
when i restart i get a notification that there was an invalid backweb access 137903

i believe this is from when i got spyware in my comp

i used spybot s +d to get rid of it- and from what i understand when u fix problems with that program u send them to a zip file
i looked up the id # and it said that what spybot did was delete the startup program but not the program so it's like a dormant file in my comp

2 questions

1 how do i get rid of that (i tried to do it in regedit)

2 do u know where the zipfile (if there is one) is located
  • 0

#74
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
"invalid backweb access 137903" actually belongs to Hewlett Packard. First, it's not harmful, 2nd it's also not necessary.

Run HiJackThis. Place a check next to the following item and click FIX CHECKED:

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

Close HiJackThis.

It's really not necessary to do anything else with it.
  • 0
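
The HijackThis log format posted above and the O4 entry named in the preceding reply, as an added example that is not part of any post in this thread: a small Python parser that splits log entries by section code, breaks O4 autostart lines into location, name and target, and marks entries that carry the log's own "(file missing)" or "Unknown owner" text. The sample lines are copied from the posted log; the function names and the three review notes are assumptions of this example, and a note only marks an entry for a manual look.

```python
import re
from dataclasses import dataclass, field

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [KBD] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 registry autostart: "HKLM\..\Run: [value name] command line"
O4_RUN_RE = re.compile(r"^(HK\w+\\\.\.\\[^:]+): \[([^\]]*)\] (.+)$")
# O4 startup folder: "Startup: item" or "Global Startup: shortcut.lnk = target"
O4_STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?)(?: = (.+))?$")


@dataclass
class Entry:
    code: str
    body: str
    notes: list = field(default_factory=list)


def parse_o4(body):
    """Split an O4 body into location, name and target (target may be None)."""
    m = O4_RUN_RE.match(body) or O4_STARTUP_RE.match(body)
    if not m:
        return None
    return {"location": m.group(1), "name": m.group(2), "target": m.group(3)}


def parse_log(text):
    """Return the log's entries, skipping the header and the process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entry = Entry(m.group(1), m.group(2))
        if entry.body.endswith("(file missing)"):
            entry.notes.append("file missing")
        if entry.code == "O23" and " - Unknown owner - " in entry.body:
            entry.notes.append("unknown owner")
        if entry.code == "O4":
            parts = parse_o4(entry.body)
            if parts and parts["target"] is None:
                entry.notes.append("startup item with no target shown")
        entries.append(entry)
    return entries


def find_entries(entries, code, needle):
    """Entries of one section whose body contains needle (case-insensitive)."""
    return [e for e in entries if e.code == code and needle.lower() in e.body.lower()]


def flagged(entries):
    """(code, notes) for every entry that picked up at least one note."""
    return [(e.code, e.notes) for e in entries if e.notes]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for e in find_entries(log, "O4", "BackWeb-137903"):
        print("entry to check in HijackThis:", e.code, "-", e.body)
    for code, notes in flagged(log):
        print("manual look:", code, notes)
```
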

#75
Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • 475 posts
i can remove these programs (the ones that i don't want) right?
  • 0





