Here is the Webroot Spy Sweeper log you asked for:
********
1:45 AM: | Start of Session, Monday, November 14, 2005 |
1:45 AM: Spy Sweeper started
1:45 AM: Sweep initiated using definitions version 556
1:45 AM: Starting Memory Sweep
1:48 AM: Memory Sweep Complete, Elapsed Time: 00:02:44
1:48 AM: Starting Registry Sweep
1:48 AM: Found Adware: altnet
1:48 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/adm.exe\ (ID = 103506)
1:48 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/adm4.dll\ (ID = 103507)
1:48 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/admdata.dll\ (ID = 103508)
1:48 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/admdloader.dll\ (ID = 103509)
1:48 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/admfdi.dll\ (ID = 103510)
1:48 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/admprog.dll\ (ID = 103511)
1:48 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\adm.exe (ID = 103519)
1:48 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\adm4.dll (ID = 103520)
1:48 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\admdata.dll (ID = 103521)
1:48 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\admdloader.dll (ID = 103522)
1:48 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\admfdi.dll (ID = 103523)
1:48 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\admprog.dll (ID = 103524)
1:48 AM: Found Adware: azsearch toolbar
1:48 AM: HKCR\addressbar.loader.1\ (3 subtraces) (ID = 103884)
1:48 AM: HKCR\addressbar.loader\ (5 subtraces) (ID = 103885)
1:48 AM: HKCR\azentretien.loader\ (5 subtraces) (ID = 103886)
1:48 AM: HKCR\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (11 subtraces) (ID = 103887)
1:48 AM: HKCR\clsid\{a19ef336-01d4-48e6-926a-fe7e1c747aed}\ (11 subtraces) (ID = 103891)
1:48 AM: HKCR\clsid\{ba048011-957f-4ba0-a804-62c28d96f878}\ (20 subtraces) (ID = 103893)
1:48 AM: HKCR\clsid\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}\ (11 subtraces) (ID = 103895)
1:48 AM: HKCR\clsid\{f65b197f-8260-4d52-909a-f70118e646eb}\ (11 subtraces) (ID = 103896)
1:48 AM: HKLM\software\azentretienco\ (3 subtraces) (ID = 103905)
1:48 AM: HKLM\software\classes\addressbar.loader.1\ (3 subtraces) (ID = 103907)
1:48 AM: HKLM\software\classes\addressbar.loader\ (5 subtraces) (ID = 103908)
1:48 AM: HKLM\software\classes\azentretien.loader.1\ (3 subtraces) (ID = 103909)
1:48 AM: HKLM\software\classes\azentretien.loader\ (5 subtraces) (ID = 103910)
1:48 AM: HKLM\software\classes\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (11 subtraces) (ID = 103911)
1:48 AM: HKLM\software\classes\clsid\{a19ef336-01d4-48e6-926a-fe7e1c747aed}\ (11 subtraces) (ID = 103915)
1:48 AM: HKLM\software\classes\clsid\{ba048011-957f-4ba0-a804-62c28d96f878}\ (20 subtraces) (ID = 103917)
1:48 AM: HKLM\software\classes\clsid\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}\ (11 subtraces) (ID = 103919)
1:48 AM: HKLM\software\classes\clsid\{f65b197f-8260-4d52-909a-f70118e646eb}\ (11 subtraces) (ID = 103920)
1:48 AM: HKLM\software\classes\typelib\{42fc3840-020c-4e93-a34c-4df1a6330fbb}\ (9 subtraces) (ID = 103932)
1:48 AM: HKLM\software\classes\typelib\{dea43ce3-d57b-45f6-a4d1-110e652ced11}\ (9 subtraces) (ID = 103934)
1:48 AM: HKLM\software\loaderco\ (3 subtraces) (ID = 103942)
1:48 AM: HKLM\software\microsoft\code store database\distribution units\{d7bf3304-138b-4dd5-86ee-491bb6a2286c}\ (9 subtraces) (ID = 103943)
1:48 AM: HKLM\software\microsoft\internet explorer\toolbar\ || {a19ef336-01d4-48e6-926a-fe7e1c747aed} (ID = 103945)
1:48 AM: HKCR\typelib\{42fc3840-020c-4e93-a34c-4df1a6330fbb}\ (9 subtraces) (ID = 103955)
1:48 AM: HKCR\typelib\{dea43ce3-d57b-45f6-a4d1-110e652ced11}\ (9 subtraces) (ID = 103957)
1:48 AM: Found Adware: broadcastpc
1:48 AM: HKLM\software\microsoft\windows\currentversion\run\ || tvs_b (ID = 104990)
1:48 AM: Found Adware: gsim
1:48 AM: HKLM\software\microsoft\windows\currentversion\uninstall\gsim\ (2 subtraces) (ID = 127019)
1:48 AM: Found Adware: hotnow
1:48 AM: HKLM\software\pmx\ (1 subtraces) (ID = 127698)
1:48 AM: Found Adware: my daily horoscope
1:48 AM: HKLM\software\microsoft\windows\currentversion\run\ || usb controller (ID = 135393)
1:48 AM: Found Adware: popup killer
1:48 AM: HKCR\popupkiller.allowedpopups\ (3 subtraces) (ID = 136781)
1:48 AM: HKCR\clsid\{36d53c28-890e-11d6-b265-a0bc4ec10000}\ (9 subtraces) (ID = 136782)
1:48 AM: HKCR\interface\{36d53c26-890e-11d6-b265-a0bc4ec10000}\ (8 subtraces) (ID = 136783)
1:48 AM: HKCR\typelib\{36d53c25-890e-11d6-b265-a0bc4ec10000}\ (9 subtraces) (ID = 136784)
1:48 AM: Found Adware: targetsoft
1:48 AM: HKLM\software\microsoft\windows\currentversion\uninstall\tsl installer\ (1 subtraces) (ID = 143608)
1:48 AM: Found Adware: targetsaver
1:48 AM: HKLM\software\microsoft\windows\currentversion\uninstall\tsl installer\ (1 subtraces) (ID = 143608)
1:48 AM: Found Adware: abetterinternet
1:48 AM: HKLM\software\microsoft\windows\currentversion\run\ || satmat (ID = 146059)
1:48 AM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
1:48 AM: Found Adware: wildmedia
1:48 AM: HKLM\software\microsoft\windows\currentversion\uninstall\wbcm\ (4 subtraces) (ID = 146959)
1:48 AM: Found Adware: winad
1:48 AM: HKLM\software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (10 subtraces) (ID = 147185)
1:48 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
1:48 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaaccx.dll (ID = 147221)
1:48 AM: Found Adware: 180search assistant/zango
1:48 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\zangolib.dll (ID = 147913)
1:48 AM: Found Adware: sp2ms
1:48 AM: HKLM\software\microsoft\windows\currentversion\run\ || msresearch (ID = 754357)
1:48 AM: HKU\WRSS_Profile_S-1-5-21-240772092-126639907-2800509490-500\software\aurora\ (18 subtraces) (ID = 360174)
1:48 AM: HKU\S-1-5-21-240772092-126639907-2800509490-1005\software\pmx\ (2 subtraces) (ID = 127697)
1:48 AM: Found Adware: drsnsrch.com hijack
1:48 AM: HKU\S-1-5-21-240772092-126639907-2800509490-1005\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
1:48 AM: HKU\S-1-5-21-240772092-126639907-2800509490-1005\software\ultimate popup killer\ (3 subtraces) (ID = 136785)
1:48 AM: HKU\S-1-5-21-240772092-126639907-2800509490-1005\software\microsoft\windows\currentversion\run\ || ultimate popup killer (ID = 136786)
1:48 AM: HKU\S-1-5-21-240772092-126639907-2800509490-1005\software\tsl2\ (1 subtraces) (ID = 143616)
1:48 AM: Found Adware: iwon
1:48 AM: HKU\S-1-5-18\software\{95d56630-2c38-4f0c-8c92-54b79ef9ca78}\ (2 subtraces) (ID = 129313)
1:48 AM: Registry Sweep Complete, Elapsed Time:00:00:30
1:48 AM: Starting Cookie Sweep
1:48 AM: Found Spy Cookie: 2o7.net cookie
1:48 AM: shannon@2o7[2].txt (ID = 1957)
1:48 AM: Found Spy Cookie: hbmediapro cookie
1:48 AM: [email protected][2].txt (ID = 2768)
1:48 AM: Found Spy Cookie: falkag cookie
1:48 AM: [email protected][1].txt (ID = 2650)
1:48 AM: Found Spy Cookie: ask cookie
1:48 AM: shannon@ask[2].txt (ID = 2245)
1:48 AM: Found Spy Cookie: atwola cookie
1:48 AM: shannon@atwola[1].txt (ID = 2255)
1:48 AM: Found Spy Cookie: azjmp cookie
1:48 AM: shannon@azjmp[2].txt (ID = 2270)
1:48 AM: Found Spy Cookie: belnk cookie
1:48 AM: shannon@belnk[1].txt (ID = 2292)
1:48 AM: Found Spy Cookie: tickle cookie
1:48 AM: [email protected][1].txt (ID = 3530)
1:48 AM: [email protected][2].txt (ID = 2293)
1:48 AM: Found Spy Cookie: go.com cookie
1:48 AM: shannon@go[1].txt (ID = 2728)
1:48 AM: Found Spy Cookie: starware.com cookie
1:48 AM: [email protected][2].txt (ID = 3442)
1:48 AM: [email protected][1].txt (ID = 1958)
1:48 AM: Found Spy Cookie: overture cookie
1:48 AM: [email protected][1].txt (ID = 3106)
1:48 AM: Found Spy Cookie: questionmarket cookie
1:48 AM: shannon@questionmarket[1].txt (ID = 3217)
1:48 AM: Found Spy Cookie: realmedia cookie
1:48 AM: shannon@realmedia[1].txt (ID = 3235)
1:48 AM: Found Spy Cookie: rn11 cookie
1:48 AM: shannon@rn11[2].txt (ID = 3261)
1:48 AM: Found Spy Cookie: reliablestats cookie
1:48 AM: [email protected][1].txt (ID = 3254)
1:48 AM: shannon@tickle[1].txt (ID = 3529)
1:48 AM: Found Spy Cookie: tradedoubler cookie
1:48 AM: shannon@tradedoubler[2].txt (ID = 3575)
1:48 AM: [email protected][1].txt (ID = 2729)
1:48 AM: Found Spy Cookie: redzip cookie
1:48 AM: [email protected][1].txt (ID = 3250)
1:48 AM: [email protected][1].txt (ID = 3442)
1:48 AM: Found Spy Cookie: adserver cookie
1:48 AM: [email protected][1].txt (ID = 2142)
1:48 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
1:48 AM: Starting File Sweep
1:48 AM: Found Adware: websearch toolbar
1:48 AM: c:\program files\common files\wintools (ID = -2147480046)
1:48 AM: c:\program files\tvs (9 subtraces) (ID = -2147477469)
1:48 AM: Found Adware: hotbar
1:48 AM: c:\program files\hbinst (ID = -2147480873)
1:48 AM: Found Adware: keenvalue/perfectnav
1:48 AM: c:\program files\common files\updmgr (ID = -2147480787)
1:48 AM: Found Adware: gain-supported software
1:48 AM: c:\documents and settings\all users\start menu\programs\gain publishing (1 subtraces) (ID = -2147480950)
1:48 AM: Found Adware: bookedspace
1:48 AM: c:\windows\bsx32 (1 subtraces) (ID = -2147481346)
1:48 AM: c:\program files\common files\tsa (1 subtraces) (ID = -2147480171)
1:49 AM: c:\program files\common files\gmt (5037 subtraces) (ID = -2147480945)
1:49 AM: c:\program files\ornum (5 subtraces) (ID = -2147480792)
1:49 AM: c:\program files\perfectnav (1 subtraces) (ID = -2147480782)
1:49 AM: c:\program files\bpt (ID = -2147481334)
1:50 AM: azesearch.bmp (ID = 50322)
1:50 AM: gmt.exe.manifest (ID = 61434)
1:56 AM: popupkillergun.wav (ID = 72600)
1:57 AM: tvlistings.dll (ID = 51852)
1:59 AM: tab_0.mht (ID = 51850)
2:03 AM: better621.dll (ID = 83158)
2:04 AM: better0503.dll (ID = 83158)
2:05 AM: Found Trojan Horse: trojan-downloader-miewer
2:05 AM: gold.dll (ID = 80754)
2:06 AM: Found Adware: look2me
2:06 AM: a0000168.dll (ID = 163672)
2:07 AM: gsim.inf (ID = 61964)
2:08 AM: egieprocess.dll (ID = 61344)
2:08 AM: 180629.dll (ID = 70473)
2:08 AM: axinterop.shdocvw.dll (ID = 51810)
2:09 AM: bsx32.ini (ID = 51653)
2:10 AM: wbcmuninst_helper.exe (ID = 88922)
2:10 AM: Found Adware: virtualbouncer
2:10 AM: blizzard.dll (ID = 82781)
2:10 AM: wbcmuninst.exe (ID = 88921)
2:11 AM: blizzard621.dll (ID = 82781)
2:12 AM: booknew.dll (ID = 80755)
2:12 AM: tvs_ln.exe (ID = 51858)
2:13 AM: bizzard.dll (ID = 82781)
2:13 AM: tvs_clean.exe (ID = 51856)
2:13 AM: ni.mht (ID = 51847)
2:14 AM: interop.shdocvw.dll (ID = 51845)
2:16 AM: a0000169.dll (ID = 163672)
2:17 AM: bizzard0426.dll (ID = 82781)
2:24 AM: Found Adware: 10 minute site
2:24 AM: 10minsite.exe (ID = 107160)
2:24 AM: 1800411.dll (ID = 70473)
2:24 AM: 1800414.dll (ID = 70473)
2:24 AM: 180621.dll (ID = 70473)
2:25 AM: about gain publishing.lnk (ID = 61270)
2:25 AM: ultimate popup killer.lnk (ID = 72602)
2:26 AM: ultimate popup killer online help.lnk (ID = 72601)
2:27 AM: belt.inf (ID = 83154)
2:27 AM: satmat.ini (ID = 83499)
2:27 AM: satmat.inf (ID = 83498)
2:27 AM: biini.inf (ID = 83199)
2:27 AM: popupkiller.html (ID = 72599)
2:27 AM: padk.url (ID = 72597)
2:27 AM: polmx2.inf (ID = 83430)
2:29 AM: Found System Monitor: potentially rootkit-masked files
2:29 AM: 2004, 2005, cracks, sereils #, hacks, mus (ID = 0)
2:29 AM: cracks & serials - hundreds of serial num (ID = 0)
2:29 AM: 2004, 2005, cracks, sereils #, hacks, mu (ID = 0)
2:29 AM: 2004, 2005, cracks, sereils #, hacks, mu (ID = 0)
2:29 AM: 2004, 2005, cracks, sereils #, hacks, mu (ID = 0)
2:29 AM: cracks & serials - hundreds of serial num (ID = 0)
2:29 AM: cracks & serials - hundreds of serial num (ID = 0)
2:29 AM: cracks & serials - hundreds of serial num (ID = 0)
2:29 AM: cracks & serials - hundreds of serial num (ID = 0)
2:29 AM: 7000 serials cracks.txt (ID = 0)
2:29 AM: Warning: Unhandled Archive Type
2:31 AM: Warning: Unhandled Archive Type
2:31 AM: Warning: Unhandled Archive Type
2:32 AM: Warning: Unhandled Archive Type
2:32 AM: Warning: Unhandled Archive Type
2:33 AM: Warning: Invalid Stream
2:40 AM: Warning: Invalid Stream
2:40 AM: Warning: Invalid Stream
2:40 AM: Warning: Invalid Stream
2:40 AM: Warning: Invalid Stream
2:44 AM: ultimate popup killer online help.lnk (ID = 72597)
2:44 AM: File Sweep Complete, Elapsed Time: 00:56:07
2:44 AM: Full Sweep has completed. Elapsed time 00:59:36
2:44 AM: Traces Found: 5498
2:49 AM: Removal process initiated
2:49 AM: Quarantining All Traces: potentially rootkit-masked files
2:49 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
2:49 AM: 2004, 2005, cracks, sereils #, hacks, mus is in use. It will be removed on reboot.
2:49 AM: cracks & serials - hundreds of serial num is in use. It will be removed on reboot.
2:49 AM: 2004, 2005, cracks, sereils #, hacks, mu is in use. It will be removed on reboot.
2:49 AM: 2004, 2005, cracks, sereils #, hacks, mu is in use. It will be removed on reboot.
2:49 AM: 2004, 2005, cracks, sereils #, hacks, mu is in use. It will be removed on reboot.
2:49 AM: cracks & serials - hundreds of serial num is in use. It will be removed on reboot.
2:49 AM: cracks & serials - hundreds of serial num is in use. It will be removed on reboot.
2:49 AM: cracks & serials - hundreds of serial num is in use. It will be removed on reboot.
2:49 AM: cracks & serials - hundreds of serial num is in use. It will be removed on reboot.
2:49 AM: 7000 serials cracks.txt is in use. It will be removed on reboot.
2:49 AM: Quarantining All Traces: abetterinternet
2:49 AM: Quarantining All Traces: look2me
2:49 AM: Quarantining All Traces: websearch toolbar
2:49 AM: Quarantining All Traces: 10 minute site
2:49 AM: Quarantining All Traces: 180search assistant/zango
2:49 AM: Quarantining All Traces: altnet
2:49 AM: Quarantining All Traces: azsearch toolbar
2:49 AM: Quarantining All Traces: bookedspace
2:49 AM: Quarantining All Traces: broadcastpc
2:49 AM: Quarantining All Traces: drsnsrch.com hijack
2:49 AM: Quarantining All Traces: gain-supported software
2:50 AM: Quarantining All Traces: gsim
2:50 AM: Quarantining All Traces: hotbar
2:50 AM: Quarantining All Traces: hotnow
2:50 AM: Quarantining All Traces: iwon
2:50 AM: Quarantining All Traces: keenvalue/perfectnav
2:50 AM: Quarantining All Traces: my daily horoscope
2:50 AM: Quarantining All Traces: popup killer
2:50 AM: popup killer is in use. It will be removed on reboot.
2:50 AM: ultimate popup killer online help.lnk is in use. It will be removed on reboot.
2:50 AM: Quarantining All Traces: sp2ms
2:50 AM: Quarantining All Traces: targetsaver
2:50 AM: Quarantining All Traces: targetsoft
2:50 AM: Quarantining All Traces: trojan-downloader-miewer
2:50 AM: Quarantining All Traces: virtualbouncer
2:50 AM: Quarantining All Traces: wildmedia
2:50 AM: Quarantining All Traces: winad
2:50 AM: Quarantining All Traces: 2o7.net cookie
2:50 AM: Quarantining All Traces: adserver cookie
2:50 AM: Quarantining All Traces: ask cookie
2:50 AM: Quarantining All Traces: atwola cookie
2:50 AM: Quarantining All Traces: azjmp cookie
2:50 AM: Quarantining All Traces: belnk cookie
2:50 AM: Quarantining All Traces: falkag cookie
2:50 AM: Quarantining All Traces: go.com cookie
2:50 AM: Quarantining All Traces: hbmediapro cookie
2:50 AM: Quarantining All Traces: overture cookie
2:50 AM: Quarantining All Traces: questionmarket cookie
2:50 AM: Quarantining All Traces: realmedia cookie
2:50 AM: Quarantining All Traces: redzip cookie
2:50 AM: Quarantining All Traces: reliablestats cookie
2:50 AM: Quarantining All Traces: rn11 cookie
2:50 AM: Quarantining All Traces: starware.com cookie
2:50 AM: Quarantining All Traces: tickle cookie
2:50 AM: Quarantining All Traces: tradedoubler cookie
2:52 AM: Preparing to restart your computer. Please wait...
2:52 AM: Removal process completed. Elapsed time 00:03:03
********
1:41 AM: | Start of Session, Monday, November 14, 2005 |
1:41 AM: Spy Sweeper started
1:43 AM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:45 AM: | End of Session, Monday, November 14, 2005 |
And here is the fresh HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:06:51 AM, on 11/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchby.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Aornum] C:\Program Files\Ornum\Aornum1\1.bin\Aornum.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [razin] C:\DOCUME~1\Shannon\LOCALS~1\Temp\rm05040901.Stub.exe
O4 - HKLM\..\Run: [lxU.exe] c:\windows\system32\lxU.exe
O4 - HKLM\..\Run: [ek] C:\windows\system32\ek.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MwugNv2pn] C:\windows\system32\MwugNv2pn.exe
O4 - HKLM\..\Run: [qabmop] c:\windows\system32\mhdjdl.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Allow popups - file://C:\Program Files\Ultimate Popup Killer\Popupkiller.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\Texas Holdem\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\Texas Holdem\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://mirror.worldw...mines/mines.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab40443.cab
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.side...42037/sb026.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.co...pside_web18.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comne...iveSekurity.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.wildtange...all/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtange...ave/Install.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {4BF7A372-9004-4CD5-9E91-1FDCC03CA8A9} (Eyeball Video Messaging Control) - http://imlive.com/ch...e/vmcontrol.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...tzip/RdxIE6.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131442478453
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8DA664DC-123E-4836-B7B3-6653A8B082AB} (ChatOCX Control) - http://www.igl.net/c...ChatOCXProj.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weat...uginstaller.cab?
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside....cherControl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinn...v45/wof/wof.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...kII/install.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tile City Control) - http://www.worldwinn...ty/tilecity.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai...uditControl.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/me...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E66A5764-212B-40EC-8FB8-16949F6A82CD} - http://www.ouchvideo.../c8/svcmm32.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinn...es/wwspades.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentra...oad/sonyctl.CAB
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab36385.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\kgdno1.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\o8480ihue8480.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe