Hi Matt,
Here's the SpySweeper Log:
********
8:57 AM: | Start of Session, Wednesday, November 23, 2005 |
8:57 AM: Spy Sweeper started
8:57 AM: Sweep initiated using definitions version 574
8:57 AM: Starting Memory Sweep
8:58 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:58 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:58 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:58 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:58 AM: Found Adware: icannnews
8:58 AM: Detected running threat: C:\WINDOWS\system32\mols31.dll (ID = 125214)
8:58 AM: Detected running threat: C:\WINDOWS\system32\dqcprop.dll (ID = 125214)
8:58 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:58 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:58 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:58 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:59 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:59 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:59 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:59 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:59 AM: Memory Sweep Complete, Elapsed Time: 00:01:38
8:59 AM: Starting Registry Sweep
8:59 AM: Found Adware: surfsidekick
8:59 AM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
8:59 AM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
8:59 AM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
8:59 AM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169454)
8:59 AM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169455)
8:59 AM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169456)
8:59 AM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
8:59 AM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169461)
8:59 AM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169462)
8:59 AM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169463)
8:59 AM: Found Trojan Horse: trojan-downloader-conhook
8:59 AM: HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833627)
8:59 AM: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833628)
8:59 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (ID = 833629)
8:59 AM: Found Adware: drsnsrch.com hijack
8:59 AM: HKU\S-1-5-21-2455820761-3905421916-3500560185-1005\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
8:59 AM: HKU\S-1-5-21-2455820761-3905421916-3500560185-1005\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
8:59 AM: HKU\S-1-5-21-2455820761-3905421916-3500560185-1005\software\surfsidekick3\ (3 subtraces) (ID = 143412)
8:59 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:59 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:59 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:59 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:59 AM: Registry Sweep Complete, Elapsed Time:00:00:16
8:59 AM: Starting Cookie Sweep
8:59 AM: Found Spy Cookie: 2o7.net cookie
8:59 AM: pskapoor@2o7[2].txt (ID = 1957)
8:59 AM: Found Spy Cookie: websponsors cookie
8:59 AM: [email protected][2].txt (ID = 3665)
8:59 AM: Found Spy Cookie: abcsearch cookie
8:59 AM: pskapoor@abcsearch[1].txt (ID = 2033)
8:59 AM: Found Spy Cookie: yieldmanager cookie
8:59 AM: [email protected][2].txt (ID = 3751)
8:59 AM: Found Spy Cookie: adecn cookie
8:59 AM: pskapoor@adecn[2].txt (ID = 2063)
8:59 AM: Found Spy Cookie: adknowledge cookie
8:59 AM: pskapoor@adknowledge[1].txt (ID = 2072)
8:59 AM: Found Spy Cookie: hbmediapro cookie
8:59 AM: [email protected][2].txt (ID = 2768)
8:59 AM: Found Spy Cookie: specificclick.com cookie
8:59 AM: [email protected][2].txt (ID = 3400)
8:59 AM: Found Spy Cookie: adrevolver cookie
8:59 AM: pskapoor@adrevolver[2].txt (ID = 2088)
8:59 AM: pskapoor@adrevolver[3].txt (ID = 2088)
8:59 AM: Found Spy Cookie: falkag cookie
8:59 AM: [email protected][1].txt (ID = 2650)
8:59 AM: [email protected][1].txt (ID = 2650)
8:59 AM: Found Spy Cookie: ask cookie
8:59 AM: pskapoor@ask[1].txt (ID = 2245)
8:59 AM: Found Spy Cookie: azjmp cookie
8:59 AM: pskapoor@azjmp[1].txt (ID = 2270)
8:59 AM: Found Spy Cookie: bluestreak cookie
8:59 AM: pskapoor@bluestreak[2].txt (ID = 2314)
8:59 AM: Found Spy Cookie: centrport net cookie
8:59 AM: pskapoor@centrport[1].txt (ID = 2374)
8:59 AM: Found Spy Cookie: ru4 cookie
8:59 AM: [email protected][2].txt (ID = 3269)
8:59 AM: Found Spy Cookie: exitexchange cookie
8:59 AM: pskapoor@exitexchange[2].txt (ID = 2633)
8:59 AM: Found Spy Cookie: starware.com cookie
8:59 AM: [email protected][2].txt (ID = 3442)
8:59 AM: Found Spy Cookie: clickandtrack cookie
8:59 AM: [email protected][2].txt (ID = 2397)
8:59 AM: Found Spy Cookie: kmpads cookie
8:59 AM: pskapoor@kmpads[1].txt (ID = 2909)
8:59 AM: Found Spy Cookie: maxserving cookie
8:59 AM: pskapoor@maxserving[1].txt (ID = 2966)
8:59 AM: [email protected][1].txt (ID = 1958)
8:59 AM: Found Spy Cookie: mygeek cookie
8:59 AM: pskapoor@mygeek[1].txt (ID = 3041)
8:59 AM: Found Spy Cookie: overture cookie
8:59 AM: [email protected][1].txt (ID = 3106)
8:59 AM: Found Spy Cookie: questionmarket cookie
8:59 AM: pskapoor@questionmarket[1].txt (ID = 3217)
8:59 AM: Found Spy Cookie: realmedia cookie
8:59 AM: pskapoor@realmedia[1].txt (ID = 3235)
8:59 AM: Found Spy Cookie: statcounter cookie
8:59 AM: pskapoor@statcounter[1].txt (ID = 3447)
8:59 AM: Found Spy Cookie: trafficmp cookie
8:59 AM: pskapoor@trafficmp[2].txt (ID = 3581)
8:59 AM: Found Spy Cookie: tribalfusion cookie
8:59 AM: pskapoor@tribalfusion[1].txt (ID = 3589)
8:59 AM: Found Spy Cookie: valuead cookie
8:59 AM: pskapoor@valuead[1].txt (ID = 3626)
8:59 AM: Found Spy Cookie: redzip cookie
8:59 AM: [email protected][2].txt (ID = 3250)
8:59 AM: [email protected][1].txt (ID = 3442)
8:59 AM: Found Spy Cookie: adserver cookie
8:59 AM: [email protected][1].txt (ID = 2142)
8:59 AM: Found Spy Cookie: zedo cookie
8:59 AM: pskapoor@zedo[2].txt (ID = 3762)
8:59 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
8:59 AM: Starting File Sweep
9:00 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:00 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:00 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:00 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:00 AM: Found Adware: directrevenue-abetterinternet
9:00 AM: a0039829.exe (ID = 134935)
9:00 AM: a0039853.dll (ID = 140769)
9:00 AM: a0041068.dll (ID = 125214)
9:00 AM: a0039859.exe (ID = 134935)
9:00 AM: a0030235.exe (ID = 115260)
9:00 AM: a0030255.exe (ID = 135267)
9:00 AM: a0030258.exe (ID = 143034)
9:01 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:01 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:01 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:01 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:01 AM: a0039854.dll (ID = 140770)
9:01 AM: a0039852.exe (ID = 140768)
9:01 AM: a0039616.exe (ID = 134935)
9:01 AM: mols31.dll (ID = 125214)
9:01 AM: Found Adware: purityscan
9:01 AM: a0030236.exe (ID = 134977)
9:01 AM: a0039821.exe (ID = 134935)
9:01 AM: a0030256.dll (ID = 143036)
9:01 AM: a0030194.exe (ID = 134935)
9:01 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:01 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:01 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:01 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:01 AM: a0039887.exe (ID = 134935)
9:01 AM: a0036776.exe (ID = 143038)
9:01 AM: a0039904.exe (ID = 134935)
9:01 AM: a0030231.exe (ID = 134953)
9:01 AM: a0039973.dll (ID = 125214)
9:01 AM: a0039922.exe (ID = 134935)
9:02 AM: a0036688.exe (ID = 143038)
9:02 AM: a0034616.exe (ID = 134935)
9:02 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:02 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:02 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:02 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:02 AM: a0030257.exe (ID = 143038)
9:02 AM: a0034556.exe (ID = 134935)
9:02 AM: a0029114.exe (ID = 134935)
9:02 AM: a0029113.exe (ID = 134935)
9:02 AM: a0029175.exe (ID = 134935)
9:02 AM: a0038170.exe (ID = 143038)
9:02 AM: a0038248.exe (ID = 143038)
9:03 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:03 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:03 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:03 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:03 AM: Found Adware: look2me
9:03 AM: a0041157.dll (ID = 163672)
9:03 AM: a0036960.exe (ID = 134935)
9:03 AM: Found Adware: drsnsrch hijacker
9:03 AM: a0030259.exe (ID = 121121)
9:03 AM: a0039298.exe (ID = 134935)
9:03 AM: a0030368.exe (ID = 134935)
9:03 AM: a0030244.exe (ID = 134935)
9:03 AM: a0032394.exe (ID = 134935)
9:03 AM: a0030268.exe (ID = 134935)
9:03 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:03 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:03 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:03 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:03 AM: a0030267.exe (ID = 134935)
9:03 AM: a0030289.exe (ID = 134935)
9:03 AM: a0039892.dll (ID = 125214)
9:03 AM: a0032426.exe (ID = 134935)
9:03 AM: a0041087.dll (ID = 125214)
9:03 AM: a0034595.exe (ID = 134935)
9:03 AM: a0038231.exe (ID = 134935)
9:03 AM: a0032441.exe (ID = 134935)
9:03 AM: a0030209.exe (ID = 134935)
9:03 AM: a0041354.dll (ID = 125214)
9:03 AM: a0041124.dll (ID = 125214)
9:03 AM: a0031367.exe (ID = 134935)
9:03 AM: a0043971.dll (ID = 125214)
9:03 AM: a0032460.exe (ID = 134935)
9:03 AM: a0032480.exe (ID = 134935)
9:03 AM: a0035643.exe (ID = 134935)
9:03 AM: a0033532.exe (ID = 134935)
9:04 AM: a0033514.exe (ID = 134935)
9:04 AM: a0034580.exe (ID = 134935)
9:04 AM: a0034531.exe (ID = 134935)
9:04 AM: a0030260.dll (ID = 115632)
9:04 AM: a0036695.exe (ID = 134935)
9:04 AM: a0036759.exe (ID = 134935)
9:04 AM: a0038265.exe (ID = 134935)
9:04 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:04 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:04 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:04 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:04 AM: a0037002.exe (ID = 134935)
9:04 AM: a0036643.exe (ID = 134935)
9:04 AM: a0031383.exe (ID = 134935)
9:04 AM: a0032497.exe (ID = 134935)
9:04 AM: a0036710.exe (ID = 134935)
9:04 AM: a0036741.exe (ID = 134935)
9:04 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:04 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:04 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:04 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:05 AM: dqcprop.dll (ID = 125214)
9:05 AM: a0041496.dll (ID = 125214)
9:05 AM: a0041156.dll (ID = 125214)
9:05 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:05 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:05 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:05 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:05 AM: a0039633.exe (ID = 134935)
9:05 AM: sskknwrd.dll (ID = 77733)
9:05 AM: nztman.dll (ID = 163672)
9:05 AM: a0039596.exe (ID = 134935)
9:05 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:05 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:05 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:05 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:06 AM: a0041356.dll (ID = 125214)
9:06 AM: a0036809.exe (ID = 134935)
9:06 AM: a0038002.exe (ID = 134935)
9:06 AM: a0038019.exe (ID = 134935)
9:06 AM: a0038037.exe (ID = 134935)
9:06 AM: a0036835.exe (ID = 134935)
9:06 AM: a0036863.exe (ID = 134935)
9:06 AM: a0036887.exe (ID = 134935)
9:06 AM: a0040049.dll (ID = 125214)
9:06 AM: a0041355.dll (ID = 125214)
9:06 AM: a0039792.exe (ID = 134935)
9:06 AM: a0039784.exe (ID = 134935)
9:06 AM: a0043979.dll (ID = 125214)
9:06 AM: a0030243.exe (ID = 134935)
9:06 AM: a0039279.exe (ID = 134935)
9:06 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:06 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:06 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:06 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:06 AM: a0039348.exe (ID = 134935)
9:06 AM: a0040032.dll (ID = 125214)
9:06 AM: a0039332.exe (ID = 134935)
9:06 AM: a0036791.exe (ID = 134935)
9:06 AM: a0029094.exe (ID = 134935)
9:06 AM: a0039297.exe (ID = 134935)
9:06 AM: a0039368.exe (ID = 134935)
9:06 AM: a0038263.exe (ID = 134935)
9:06 AM: a0032514.exe (ID = 134935)
9:06 AM: a0036728.exe (ID = 134935)
9:06 AM: a0039426.exe (ID = 134935)
9:06 AM: a0034579.exe (ID = 134935)
9:06 AM: a0035616.exe (ID = 134935)
9:06 AM: a0036670.exe (ID = 134935)
9:07 AM: a0038176.exe (ID = 134935)
9:07 AM: a0036930.exe (ID = 134935)
9:07 AM: a0039388.exe (ID = 134935)
9:07 AM: a0039262.exe (ID = 134935)
9:07 AM: a0038212.exe (ID = 134935)
9:07 AM: a0039485.exe (ID = 134935)
9:07 AM: a0036910.exe (ID = 134935)
9:07 AM: a0039842.exe (ID = 134935)
9:07 AM: a0041102.dll (ID = 125214)
9:07 AM: a0038105.exe (ID = 134935)
9:07 AM: a0039404.exe (ID = 134935)
9:07 AM: a0039907.dll (ID = 125214)
9:07 AM: a0038055.exe (ID = 134935)
9:07 AM: upd210[1].exe (ID = 163220)
9:07 AM: a0038078.exe (ID = 134935)
9:07 AM: a0036876.exe (ID = 134935)
9:07 AM: a0039369.exe (ID = 134935)
9:07 AM: a0039925.dll (ID = 125214)
9:07 AM: a0038088.exe (ID = 134935)
9:07 AM: a0038130.exe (ID = 134935)
9:07 AM: a0039389.exe (ID = 134935)
9:07 AM: a0030178.exe (ID = 134935)
9:07 AM: a0038118.exe (ID = 134935)
9:07 AM: a0038150.exe (ID = 134935)
9:07 AM: a0039615.exe (ID = 134935)
9:07 AM: a0039951.dll (ID = 125214)
9:07 AM: a0039876.dll (ID = 140771)
9:07 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:07 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:07 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:07 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:07 AM: a0032383.exe (ID = 134935)
9:07 AM: a0039993.dll (ID = 125214)
9:07 AM: a0030252.exe (ID = 141106)
9:07 AM: a0040015.dll (ID = 125214)
9:07 AM: a0039647.exe (ID = 134935)
9:07 AM: a0041049.dll (ID = 125214)
9:07 AM: a0032410.exe (ID = 134935)
9:08 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:08 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:08 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:08 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:08 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:08 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:08 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:08 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:09 AM: backup.zip (ID = 125214)
9:09 AM: File Sweep Complete, Elapsed Time: 00:09:25
9:09 AM: Full Sweep has completed. Elapsed time 00:11:22
9:09 AM: Traces Found: 259
9:09 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:09 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:09 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:09 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:09 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:09 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:09 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:09 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:10 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:10 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:10 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:10 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:10 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:10 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:10 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:10 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:11 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:11 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:11 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:11 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:12 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:12 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:12 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:12 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:12 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:12 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:12 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:12 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:13 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:13 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:13 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:13 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:14 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:14 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:14 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:14 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:14 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:14 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:14 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:14 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:15 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:15 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:15 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:15 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:15 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:15 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:15 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:15 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:16 AM: Removal process initiated
9:16 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:16 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:16 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:16 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:17 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:17 AM: The Spy Communication shield has blocked access to: www.icannnews.com
9:17 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:17 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:17 AM: Quarantining All Traces: directrevenue-abetterinternet
9:17 AM: Quarantining All Traces: icannnews
9:17 AM: icannnews is in use. It will be removed on reboot.
9:17 AM: mols31.dll is in use. It will be removed on reboot.
9:17 AM: dqcprop.dll is in use. It will be removed on reboot.
9:17 AM: C:\WINDOWS\system32\mols31.dll is in use. It will be removed on reboot.
9:17 AM: C:\WINDOWS\system32\dqcprop.dll is in use. It will be removed on reboot.
9:17 AM: Quarantining All Traces: look2me
9:17 AM: Quarantining All Traces: purityscan
9:17 AM: Quarantining All Traces: surfsidekick
9:17 AM: Quarantining All Traces: trojan-downloader-conhook
9:17 AM: Quarantining All Traces: drsnsrch hijacker
9:17 AM: Quarantining All Traces: drsnsrch.com hijack
9:17 AM: Quarantining All Traces: 2o7.net cookie
9:17 AM: Quarantining All Traces: abcsearch cookie
9:17 AM: Quarantining All Traces: adecn cookie
9:17 AM: Quarantining All Traces: adknowledge cookie
9:17 AM: Quarantining All Traces: adrevolver cookie
9:17 AM: Quarantining All Traces: adserver cookie
9:17 AM: Quarantining All Traces: ask cookie
9:17 AM: Quarantining All Traces: azjmp cookie
9:17 AM: Quarantining All Traces: bluestreak cookie
9:17 AM: Quarantining All Traces: centrport net cookie
9:17 AM: Quarantining All Traces: clickandtrack cookie
9:17 AM: Quarantining All Traces: exitexchange cookie
9:17 AM: Quarantining All Traces: falkag cookie
9:17 AM: Quarantining All Traces: hbmediapro cookie
9:17 AM: Quarantining All Traces: kmpads cookie
9:17 AM: Quarantining All Traces: maxserving cookie
9:17 AM: Quarantining All Traces: mygeek cookie
9:17 AM: Quarantining All Traces: overture cookie
9:17 AM: Quarantining All Traces: questionmarket cookie
9:17 AM: Quarantining All Traces: realmedia cookie
9:17 AM: Quarantining All Traces: redzip cookie
9:17 AM: Quarantining All Traces: ru4 cookie
9:17 AM: Quarantining All Traces: specificclick.com cookie
9:17 AM: Quarantining All Traces: starware.com cookie
9:17 AM: Quarantining All Traces: statcounter cookie
9:17 AM: Quarantining All Traces: trafficmp cookie
9:17 AM: Quarantining All Traces: tribalfusion cookie
9:17 AM: Quarantining All Traces: valuead cookie
9:17 AM: Quarantining All Traces: websponsors cookie
9:17 AM: Quarantining All Traces: yieldmanager cookie
9:17 AM: Quarantining All Traces: zedo cookie
9:18 AM: Warning: Launched explorer.exe
9:18 AM: Warning: Quarantine process could not restart Explorer.
9:20 AM: Preparing to restart your computer. Please wait...
9:20 AM: Removal process completed. Elapsed time 00:03:52
********
8:55 AM: | Start of Session, Wednesday, November 23, 2005 |
8:55 AM: Spy Sweeper started
8:55 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:55 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:55 AM: Your spyware definitions have been updated.
8:55 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:55 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:55 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:55 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:56 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:56 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:56 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:56 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:57 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:57 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:57 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:57 AM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:57 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:57 AM: The Spy Communication shield has blocked access to: www.icannnews.com
8:57 AM: | End of Session, Wednesday, November 23, 2005 |
Here's the latest HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:24:51 AM, on 11/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
d:\Program Files\ewido\security suite\ewidoctrl.exe
d:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\System32\j?vaw.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ShopSafe\ShopSafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\HiJack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\pskapoor\Application Data\Mozilla\Profiles\default\ijku3ppn.slt\prefs.js)
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\awtqp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "D:\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vvx] C:\WINDOWS\System32\j?vaw.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Reminders.lnk = D:\Broderbund\AG Spirit\AGremind.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: awtqp - C:\WINDOWS\SYSTEM32\awtqp.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe