Virus and Spyware help



#1
xboxundone

xboxundone

    New Member

  • Member
  • Pip
  • 5 posts
OK, I got the message from Windows "your computer is spyware infected". I tried a cleanup recommended on here; I think it got most of it, except there is an admin account I didn't create, and in my account I can't see Task Manager or change desktop stuff like backgrounds, screen saver, etc.
Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 8:51:55 AM, on 12/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_6390.dll' missing
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresear...ia/OTXMedia.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {78FAE917-35E2-4A6B-9B40-000AD226482B} (MSN Money Ticker) - http://moneycentral....cabs/ticker.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by xboxundone, 18 December 2005 - 08:52 AM.


#2
xboxundone

xboxundone

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:39:42 PM, on 12/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_6390.dll' missing
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresear...ia/OTXMedia.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {78FAE917-35E2-4A6B-9B40-000AD226482B} (MSN Money Ticker) - http://moneycentral....cabs/ticker.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
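The two HijackThis logs above were taken on the same machine about nine hours apart, and the useful question is what changed between them and which of the remaining entries a helper would look at first. What follows is an added example, not code from the thread or from the HijackThis project: it parses the R/F/O entries out of a log, applies a handful of generic triage heuristics (empty Shell= value, broken LSP chain, orphaned registrations, search URLs that do not point at Microsoft, downloaded ActiveX controls, Winlogon Notify DLLs), and diffs two scans. The heuristics are general rules of thumb for reading these sections, not verdicts on the poster's machine; LOG_MORNING and LOG_EVENING are constructed excerpts of the entries posted above, trimmed to the lines that differ or that trip a rule.

```python
"""Parse HijackThis 1.99.1 logs, flag entries that deserve a second look, and
diff two scans of the same machine (before/after a cleanup).

Added example, not from the forum thread or the HijackThis project. The
heuristics are generic triage rules, not verdicts on the poster's machine;
LOG_MORNING and LOG_EVENING are constructed excerpts of the entries posted."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Matches the R/F/O entries; the log header and the process list do not match.
_ENTRY = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True, order=True)
class Entry:
    section: str  # R0, F2, O4, O16, ...
    body: str     # everything after 'Sn - '


def parse_log(text: str) -> list[Entry]:
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def flags(e: Entry) -> list[str]:
    """Generic reasons an entry is worth checking. Heuristics, not verdicts."""
    reasons, body = [], e.body
    if e.section == "F2" and body.rstrip().endswith("="):
        # Shell=/UserInit= should name explorer.exe / userinit.exe; an empty
        # value means the Winlogon key should be inspected by hand.
        reasons.append("empty Shell=/UserInit= value; inspect the Winlogon key")
    if e.section == "O10" and "missing" in body:
        reasons.append("LSP chain names a DLL that no longer exists; Winsock needs repair")
    if "(no file)" in body:
        reasons.append("registration whose file is gone (orphan)")
    if e.section in ("R0", "R1") and "Search" in body:
        url = body.rsplit("=", 1)[-1].strip().lower()
        if url and "microsoft.com" not in url and "msn.com" not in url:
            reasons.append(f"search URL points at {url}")
    if e.section == "O16":
        reasons.append("ActiveX control downloaded from the web; confirm the publisher")
    if e.section == "O20":
        reasons.append("DLL loaded into winlogon.exe; confirm the vendor")
    return reasons


def triage(text: str) -> list[tuple[Entry, list[str]]]:
    """Entries with at least one flag, in log order."""
    out = []
    for e in parse_log(text):
        r = flags(e)
        if r:
            out.append((e, r))
    return out


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """(entries gone since `before`, entries new in `after`), both sorted."""
    old, new = set(parse_log(before)), set(parse_log(after))
    return sorted(old - new), sorted(new - old)


# Constructed excerpts modelled on the morning and evening logs in the thread.
LOG_MORNING = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
F2 - REG:system.ini: Shell=
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_6390.dll' missing
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

LOG_EVENING = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
F2 - REG:system.ini: Shell=
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_6390.dll' missing
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

if __name__ == "__main__":
    for e, reasons in triage(LOG_MORNING):
        print(f"{e.section:<4}{e.body[:72]}")
        for r in reasons:
            print(f"      -> {r}")
    gone, new = diff_logs(LOG_MORNING, LOG_EVENING)
    print("\nremoved:", *[f"{e.section} {e.body}" for e in gone], sep="\n  ")
    print("added:", *[f"{e.section} {e.body}" for e in new], sep="\n  ")
```

Entries are compared as exact strings, so the diff is only meaningful for two logs from the same machine. On the excerpts above it reports the two non-Microsoft search URLs as gone and the two new O4 autostarts (THGuard, LDM) as added, while the empty F2 Shell= value, the orphaned toolbar and the broken LSP chain are still present in both.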

#3
xboxundone

xboxundone

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
5:43 PM: | Start of Session, Sunday, December 18, 2005 |
5:43 PM: Spy Sweeper started
5:43 PM: Sweep initiated using definitions version 586
5:43 PM: Starting Memory Sweep
5:45 PM: Memory Sweep Complete, Elapsed Time: 00:02:26
5:45 PM: Starting Registry Sweep
5:45 PM: Found Adware: cws_analyzeie
5:45 PM: HKLM\software\microsoft\internet explorer\main\msmsgsvc\ (ID = 116919)
5:45 PM: Found Adware: spysheriff
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1275210071-179605362-682003330-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 142127)
5:45 PM: Found Trojan Horse: trojan-backdoor-securemulti
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1275210071-179605362-682003330-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 484139)
5:45 PM: Registry Sweep Complete, Elapsed Time:00:00:07
5:45 PM: Starting Cookie Sweep
5:45 PM: Found Spy Cookie: 2o7.net cookie
5:45 PM: laura@2o7[1].txt (ID = 1957)
5:45 PM: Found Spy Cookie: yieldmanager cookie
5:45 PM: [email protected][2].txt (ID = 3751)
5:45 PM: Found Spy Cookie: specificclick.com cookie
5:45 PM: [email protected][2].txt (ID = 3400)
5:45 PM: Found Spy Cookie: advertising cookie
5:45 PM: laura@advertising[2].txt (ID = 2175)
5:45 PM: Found Spy Cookie: apmebf cookie
5:45 PM: laura@apmebf[2].txt (ID = 2229)
5:45 PM: Found Spy Cookie: atlas dmt cookie
5:45 PM: laura@atdmt[1].txt (ID = 2253)
5:45 PM: Found Spy Cookie: atwola cookie
5:45 PM: laura@atwola[1].txt (ID = 2255)
5:45 PM: Found Spy Cookie: centrport net cookie
5:45 PM: laura@centrport[1].txt (ID = 2374)
5:45 PM: Found Spy Cookie: qksrv cookie
5:45 PM: laura@qksrv[2].txt (ID = 3213)
5:45 PM: Found Spy Cookie: realmedia cookie
5:45 PM: laura@realmedia[1].txt (ID = 3235)
5:45 PM: Found Spy Cookie: serving-sys cookie
5:45 PM: laura@serving-sys[2].txt (ID = 3343)
5:45 PM: Found Spy Cookie: statcounter cookie
5:45 PM: laura@statcounter[2].txt (ID = 3447)
5:45 PM: Found Spy Cookie: pointroll cookie
5:45 PM: [email protected][1].txt (ID = 3148)
5:45 PM: bigdave@atdmt[2].txt (ID = 2253)
5:45 PM: Found Spy Cookie: burstnet cookie
5:45 PM: bigdave@burstnet[1].txt (ID = 2336)
5:45 PM: bigdave@statcounter[1].txt (ID = 3447)
5:45 PM: Found Spy Cookie: tribalfusion cookie
5:45 PM: bigdave@tribalfusion[2].txt (ID = 3589)
5:45 PM: Found Spy Cookie: burstbeacon cookie
5:45 PM: [email protected][1].txt (ID = 2335)
5:45 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
5:45 PM: Starting File Sweep
5:46 PM: Found Adware: limeshop
5:46 PM: c:\program files\limeshop (131 subtraces) (ID = -2147480733)
5:46 PM: Found Adware: coolwebsearch (cws)
5:46 PM: c:\documents and settings\bigdave\application data\winshow (2 subtraces) (ID = -2147481200)
5:46 PM: Found Adware: ebates money maker
5:46 PM: ch.class (ID = 59516)
5:46 PM: bc.class (ID = 59453)
5:46 PM: br.class (ID = 59482)
5:46 PM: bp.class (ID = 59478)
5:46 PM: dl.class (ID = 59582)
5:46 PM: dw.class (ID = 59603)
5:46 PM: di.class (ID = 59573)
5:46 PM: bm.class (ID = 59471)
5:46 PM: cf.class (ID = 59511)
5:46 PM: cb.class (ID = 59504)
5:46 PM: dv.class (ID = 59600)
5:46 PM: bh.class (ID = 59461)
5:46 PM: bf.class (ID = 59458)
5:46 PM: db.class (ID = 59559)
5:46 PM: dg.class (ID = 59568)
5:46 PM: be.class (ID = 59457)
5:46 PM: bz.class (ID = 59498)
5:46 PM: da.class (ID = 59557)
5:46 PM: bu.class (ID = 59487)
5:46 PM: n.class (ID = 59687)
5:46 PM: l.class (ID = 59673)
5:46 PM: f.class (ID = 59660)
5:46 PM: d.class (ID = 59555)
5:46 PM: b.class (ID = 59446)
5:46 PM: bt.class (ID = 59485)
5:46 PM: r.class (ID = 59694)
5:46 PM: cp.class (ID = 59533)
5:46 PM: bo.class (ID = 59475)
5:46 PM: bl.class (ID = 59469)
5:46 PM: bi.class (ID = 59463)
5:46 PM: ce.class (ID = 59510)
5:46 PM: bg.class (ID = 59460)
5:46 PM: cs.class (ID = 59539)
5:46 PM: cq.class (ID = 59534)
5:46 PM: cx.class (ID = 59548)
5:46 PM: cv.class (ID = 59545)
5:46 PM: ck.class (ID = 59521)
5:46 PM: cu.class (ID = 59543)
5:46 PM: limeshop.inf (ID = 65527)
5:46 PM: limeshop_readme.txt (ID = 65532)
5:46 PM: main.class (ID = 59681)
5:46 PM: cn.class (ID = 59528)
5:46 PM: cl.class (ID = 59524)
5:46 PM: cd.class (ID = 59507)
5:46 PM: cc.class (ID = 59506)
5:46 PM: cj.class (ID = 59519)
5:46 PM: ca.class (ID = 59501)
5:46 PM: ea.class (ID = 59611)
5:46 PM: bx.class (ID = 59494)
5:46 PM: bw.class (ID = 59492)
5:46 PM: topmoxie_proxy.htm (ID = 59713)
5:46 PM: topmoxie_conflicts2.htm (ID = 59712)
5:46 PM: limeshop_preferences0.htm (ID = 65531)
5:46 PM: bb.class (ID = 59451)
5:46 PM: dx.class (ID = 59604)
5:46 PM: limeshop_offer0.htm (ID = 65530)
5:46 PM: dj.class (ID = 59576)
5:46 PM: dq.class (ID = 59588)
5:46 PM: dm.class (ID = 59583)
5:46 PM: dn.class (ID = 59584)
5:49 PM: dy.class (ID = 59605)
5:49 PM: dr.class (ID = 59591)
5:50 PM: ed.class (ID = 59657)
5:50 PM: dz.class (ID = 59608)
5:53 PM: limeshop_confirm0.htm (ID = 65529)
5:59 PM: winshow.cfg (ID = 54621)
5:59 PM: Found Adware: redhotnetworks
5:59 PM: videox.inf (ID = 73668)
5:59 PM: limeshop_script0.htm (ID = 65533)
5:59 PM: eb.class (ID = 59614)
5:59 PM: q.class (ID = 59693)
5:59 PM: e.class (ID = 59610)
5:59 PM: g.class (ID = 59663)
5:59 PM: ec.class (ID = 59654)
5:59 PM: i.class (ID = 59665)
5:59 PM: k.class (ID = 59671)
5:59 PM: s.class (ID = 59698)
5:59 PM: a.class (ID = 59443)
5:59 PM: m.class (ID = 59678)
5:59 PM: j.class (ID = 59670)
5:59 PM: p.class (ID = 59689)
5:59 PM: v.class (ID = 59718)
5:59 PM: x.class (ID = 59729)
5:59 PM: ba.class (ID = 59449)
5:59 PM: bd.class (ID = 59455)
5:59 PM: bj.class (ID = 59466)
6:00 PM: bq.class (ID = 59480)
6:00 PM: bs.class (ID = 59484)
6:00 PM: bv.class (ID = 59490)
6:00 PM: t.class (ID = 59708)
6:00 PM: cg.class (ID = 59513)
6:00 PM: ci.class (ID = 59517)
6:00 PM: cm.class (ID = 59526)
6:00 PM: co.class (ID = 59530)
6:00 PM: cw.class (ID = 59547)
6:00 PM: cy.class (ID = 59551)
6:00 PM: dc.class (ID = 59561)
6:00 PM: u.class (ID = 59715)
6:00 PM: dh.class (ID = 59570)
6:00 PM: dk.class (ID = 59579)
6:00 PM: du.class (ID = 59596)
6:00 PM: File Sweep Complete, Elapsed Time: 00:14:16
6:00 PM: Full Sweep has completed. Elapsed time 00:16:53
6:00 PM: Traces Found: 256
********
5:55 PM: | Start of Session, Saturday, December 17, 2005 |
5:55 PM: Spy Sweeper started
5:55 PM: Sweep initiated using definitions version 586
5:55 PM: Starting Memory Sweep
5:56 PM: Memory Sweep Complete, Elapsed Time: 00:00:37
5:56 PM: Starting Registry Sweep
5:56 PM: Found Adware: cws_analyzeie
5:56 PM: HKLM\software\microsoft\internet explorer\main\msmsgsvc\ (ID = 116919)
5:56 PM: Found Adware: spysheriff
5:56 PM: HKU\S-1-5-21-1275210071-179605362-682003330-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 142127)
5:56 PM: Found Trojan Horse: trojan-backdoor-securemulti
5:56 PM: HKU\S-1-5-21-1275210071-179605362-682003330-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 484139)
5:56 PM: HKU\S-1-5-21-1275210071-179605362-682003330-1003\software\microsoft\windows\currentversion\run\ || msmsgsvc (ID = 116935)
5:56 PM: Registry Sweep Complete, Elapsed Time:00:00:08
5:56 PM: Starting Cookie Sweep
5:56 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
5:56 PM: Starting File Sweep
5:56 PM: Found Adware: limeshop
5:56 PM: c:\program files\limeshop (131 subtraces) (ID = -2147480733)
5:56 PM: c:\program files\spysheriff (2 subtraces) (ID = -2147476679)
5:56 PM: Found Adware: coolwebsearch (cws)
5:56 PM: c:\documents and settings\bigdave\application data\winshow (2 subtraces) (ID = -2147481200)
5:56 PM: Found Adware: ebates money maker
5:56 PM: ch.class (ID = 59516)
5:56 PM: bc.class (ID = 59453)
5:56 PM: br.class (ID = 59482)
5:56 PM: bp.class (ID = 59478)
5:56 PM: dl.class (ID = 59582)
5:56 PM: dw.class (ID = 59603)
5:56 PM: di.class (ID = 59573)
5:56 PM: bm.class (ID = 59471)
5:56 PM: cf.class (ID = 59511)
5:56 PM: cb.class (ID = 59504)
5:56 PM: dv.class (ID = 59600)
5:56 PM: bh.class (ID = 59461)
5:56 PM: bf.class (ID = 59458)
5:56 PM: db.class (ID = 59559)
5:56 PM: dg.class (ID = 59568)
5:56 PM: be.class (ID = 59457)
5:56 PM: bz.class (ID = 59498)
5:56 PM: da.class (ID = 59557)
5:56 PM: bu.class (ID = 59487)
5:56 PM: n.class (ID = 59687)
5:56 PM: l.class (ID = 59673)
5:56 PM: f.class (ID = 59660)
5:56 PM: d.class (ID = 59555)
5:56 PM: b.class (ID = 59446)
5:56 PM: bt.class (ID = 59485)
5:56 PM: r.class (ID = 59694)
5:56 PM: cp.class (ID = 59533)
5:56 PM: bo.class (ID = 59475)
5:56 PM: bl.class (ID = 59469)
5:56 PM: bi.class (ID = 59463)
5:56 PM: ce.class (ID = 59510)
5:56 PM: bg.class (ID = 59460)
5:56 PM: cs.class (ID = 59539)
5:56 PM: cq.class (ID = 59534)
5:56 PM: cx.class (ID = 59548)
5:56 PM: cv.class (ID = 59545)
5:56 PM: ck.class (ID = 59521)
5:56 PM: cu.class (ID = 59543)
5:56 PM: limeshop.inf (ID = 65527)
5:56 PM: limeshop_readme.txt (ID = 65532)
5:56 PM: main.class (ID = 59681)
5:56 PM: cn.class (ID = 59528)
5:56 PM: cl.class (ID = 59524)
5:56 PM: cd.class (ID = 59507)
5:56 PM: cc.class (ID = 59506)
5:56 PM: cj.class (ID = 59519)
5:56 PM: ca.class (ID = 59501)
5:56 PM: ea.class (ID = 59611)
5:56 PM: bx.class (ID = 59494)
5:56 PM: bw.class (ID = 59492)
5:56 PM: topmoxie_proxy.htm (ID = 59713)
5:56 PM: topmoxie_conflicts2.htm (ID = 59712)
5:56 PM: limeshop_preferences0.htm (ID = 65531)
5:56 PM: bb.class (ID = 59451)
5:56 PM: dx.class (ID = 59604)
5:56 PM: limeshop_offer0.htm (ID = 65530)
5:56 PM: dj.class (ID = 59576)
5:56 PM: dq.class (ID = 59588)
5:56 PM: dm.class (ID = 59583)
5:56 PM: dn.class (ID = 59584)
5:57 PM: Found Trojan Horse: trojan-downloader-asdbiz.biz
5:57 PM: qvxgamet2.exe (ID = 80237)
5:57 PM: qvxgamet4.exe (ID = 80237)
5:58 PM: dy.class (ID = 59605)
5:58 PM: dr.class (ID = 59591)
5:58 PM: ed.class (ID = 59657)
5:58 PM: dz.class (ID = 59608)
6:00 PM: limeshop_confirm0.htm (ID = 65529)
6:00 PM: uninstall.exe (ID = 198832)
6:01 PM: Found Trojan Horse: trojan-backdoor-us15info
6:01 PM: country.exe (ID = 183857)
6:01 PM: desktop.html (ID = 178574)
6:01 PM: tool4.exe (ID = 183857)
6:01 PM: tool5.exe (ID = 183857)
6:02 PM: winshow.cfg (ID = 54621)
6:02 PM: Found Adware: redhotnetworks
6:02 PM: videox.inf (ID = 73668)
6:02 PM: limeshop_script0.htm (ID = 65533)
6:02 PM: eb.class (ID = 59614)
6:02 PM: q.class (ID = 59693)
6:02 PM: e.class (ID = 59610)
6:02 PM: g.class (ID = 59663)
6:02 PM: ec.class (ID = 59654)
6:02 PM: i.class (ID = 59665)
6:02 PM: k.class (ID = 59671)
6:02 PM: s.class (ID = 59698)
6:02 PM: a.class (ID = 59443)
6:02 PM: m.class (ID = 59678)
6:02 PM: j.class (ID = 59670)
6:02 PM: p.class (ID = 59689)
6:02 PM: v.class (ID = 59718)
6:02 PM: x.class (ID = 59729)
6:02 PM: ba.class (ID = 59449)
6:02 PM: bd.class (ID = 59455)
6:02 PM: bj.class (ID = 59466)
6:02 PM: bq.class (ID = 59480)
6:02 PM: bs.class (ID = 59484)
6:02 PM: bv.class (ID = 59490)
6:02 PM: t.class (ID = 59708)
6:02 PM: cg.class (ID = 59513)
6:02 PM: ci.class (ID = 59517)
6:02 PM: cm.class (ID = 59526)
6:02 PM: co.class (ID = 59530)
6:02 PM: cw.class (ID = 59547)
6:02 PM: cy.class (ID = 59551)
6:02 PM: dc.class (ID = 59561)
6:02 PM: u.class (ID = 59715)
6:02 PM: dh.class (ID = 59570)
6:02 PM: dk.class (ID = 59579)
6:02 PM: du.class (ID = 59596)
6:02 PM: File Sweep Complete, Elapsed Time: 00:06:21
6:02 PM: Full Sweep has completed. Elapsed time 00:07:11
6:02 PM: Traces Found: 249
6:35 PM: Processing Startup Alerts
6:35 PM: Removed Startup entry: LDM
10:57 PM: Processing Startup Alerts
10:57 PM: Removed Startup entry: LDM
8:37 AM: Processing Startup Alerts
8:37 AM: Removed Startup entry: LDM
9:06 AM: Processing Startup Alerts
9:06 AM: Allowed Startup entry: THGuard
9:06 AM: Processing Startup Alerts
9:06 AM: Allowed Startup entry: THGuard
3:01 PM: Processing Startup Alerts
3:01 PM: Removed Startup entry: LDM
3:10 PM: BHO Shield: found: -- BHO installation denied at user request
3:56 PM: Processing Startup Alerts
3:56 PM: Allowed Startup entry: AIM
3:56 PM: Allowed Startup entry: Yahoo! Pager
3:56 PM: Allowed Startup entry: LDM
5:35 PM: Processing Startup Alerts
5:35 PM: Allowed Startup entry: LDM
5:43 PM: Updating spyware definitions
5:43 PM: Your definitions are up to date.
5:43 PM: | End of Session, Sunday, December 18, 2005 |
********
1:59 PM: | Start of Session, Saturday, December 17, 2005 |
1:59 PM: Spy Sweeper started
2:00 PM: Messenger service has been disabled.
2:00 PM: Your spyware definitions have been updated.
5:55 PM: Program Version 4.5.7 (Build 642) Using Spyware Definitions 586
5:55 PM: | End of Session, Saturday, December 17, 2005 |
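A Spy Sweeper session log like the one above is long but very regular: a timestamp, then either a sweep boundary, a "Found <category>: <name>" line, or a trace line that belongs to the category named most recently. The part a practitioner wants decoded is the registry traces under HKU\<SID>\...: the hive path says which account's Run key holds the autostart entry, and the last component of the SID (the relative identifier, RID) says which account that is. RID 500 is the built-in Administrator on every Windows install, RID 501 is Guest, and RIDs of 1000 and up are accounts created on that machine. In the session posted above the "windows installer" Run value sits under the RID-500 profile and "msmsgsvc" under a RID-1003 profile. The built-in Administrator account exists on every XP install whether or not it is ever shown on the Welcome screen, so the account's existence is not by itself a finding; what lives under its hive is.

The following is an added example, not code from the thread or from Webroot. It tallies detections per category, counts trace lines per sweep, and decodes the account for every HKU trace. SAMPLE is a constructed excerpt modelled on the posted session. Treating the WRSS_Profile_ prefix as Spy Sweeper's own label for a user hive it loaded for scanning is an assumption about the tool, not documented behaviour.

```python
"""Summarise a Webroot Spy Sweeper session log: tally detections per
category, collect the registry traces, and decode which Windows account a
HKU\\<SID> trace belongs to from the SID's relative identifier (RID).

Added example, not from the forum thread or from Webroot. SAMPLE is a
constructed excerpt modelled on the session posted above. Treating the
WRSS_Profile_ prefix as Spy Sweeper's label for a hive it loaded itself is
an assumption about the tool, not documented behaviour."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

_LINE = re.compile(r"^\d{1,2}:\d{2} [AP]M: (?P<text>.*)$")
_FOUND = re.compile(r"^Found (?P<kind>[A-Za-z ]+?): (?P<name>.+)$")
_START = re.compile(r"^Starting (?P<phase>\w+) Sweep$")
_DONE = re.compile(r"^\w+ Sweep Complete")
_ID = re.compile(r"\s*\(ID = -?\d+\)$")
# Optional WRSS_Profile_ prefix (assumed: Spy Sweeper's name for a hive it
# loaded itself because that profile was not logged on), then the SID.
_SID = re.compile(r"^HKU\\(?:WRSS_Profile_)?(?P<sid>S-1-5-21(?:-\d+){3}-(?P<rid>\d+))\\", re.I)

# RIDs below 1000 are reserved; every install has 500 (Administrator) and 501 (Guest).
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}


def account_label(rid: int) -> str:
    if rid in WELL_KNOWN_RIDS:
        return f"{WELL_KNOWN_RIDS[rid]} (RID {rid})"
    kind = "user-created account" if rid >= 1000 else "other reserved account"
    return f"{kind} (RID {rid})"


@dataclass
class RegistryTrace:
    key: str                  # key path as Spy Sweeper printed it
    value: str | None         # value name after ' || ', if the trace is a value
    sid: str | None = None    # set only for HKU\<SID>\... traces
    rid: int | None = None
    account: str | None = None

    def is_autorun(self) -> bool:
        return "\\currentversion\\run\\" in self.key.lower()


@dataclass
class Summary:
    names_by_kind: dict[str, set[str]] = field(default_factory=dict)
    trace_count: int = 0
    registry: list[RegistryTrace] = field(default_factory=list)


def parse_registry_trace(text: str) -> RegistryTrace:
    key, _, value = text.partition(" || ")
    t = RegistryTrace(key=key.strip(), value=value.strip() or None)
    if m := _SID.match(t.key):
        t.sid, t.rid = m["sid"], int(m["rid"])
        t.account = account_label(t.rid)
    return t


def summarize(log: str) -> Summary:
    s, phase = Summary(), None  # phase: None outside a sweep, else Memory/Registry/Cookie/File
    for raw in log.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        text = m["text"]
        if st := _START.match(text):
            phase = st["phase"]
        elif _DONE.match(text):
            phase = None
        elif phase is None:
            continue  # session markers, startup alerts, definition updates
        elif f := _FOUND.match(text):
            # 'Found' names a category once; the lines after it are its traces.
            s.names_by_kind.setdefault(f["kind"], set()).add(f["name"])
        else:
            s.trace_count += 1
            if phase == "Registry":
                s.registry.append(parse_registry_trace(_ID.sub("", text)))
    return s


# Constructed excerpt modelled on the 18 December session posted above.
SAMPLE = r"""
5:43 PM: | Start of Session, Sunday, December 18, 2005 |
5:43 PM: Sweep initiated using definitions version 586
5:43 PM: Starting Memory Sweep
5:45 PM: Memory Sweep Complete, Elapsed Time: 00:02:26
5:45 PM: Starting Registry Sweep
5:45 PM: Found Adware: cws_analyzeie
5:45 PM: HKLM\software\microsoft\internet explorer\main\msmsgsvc\ (ID = 116919)
5:45 PM: Found Adware: spysheriff
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1275210071-179605362-682003330-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 142127)
5:45 PM: Found Trojan Horse: trojan-backdoor-securemulti
5:45 PM: HKU\S-1-5-21-1275210071-179605362-682003330-1003\software\microsoft\windows\currentversion\run\ || msmsgsvc (ID = 116935)
5:45 PM: Registry Sweep Complete, Elapsed Time:00:00:07
5:45 PM: Starting Cookie Sweep
5:45 PM: Found Spy Cookie: atlas dmt cookie
5:45 PM: laura@atdmt[1].txt (ID = 2253)
5:45 PM: bigdave@atdmt[2].txt (ID = 2253)
5:45 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
5:45 PM: Starting File Sweep
5:46 PM: Found Adware: limeshop
5:46 PM: c:\program files\limeshop (131 subtraces) (ID = -2147480733)
5:57 PM: Found Trojan Horse: trojan-downloader-asdbiz.biz
5:57 PM: qvxgamet2.exe (ID = 80237)
6:00 PM: File Sweep Complete, Elapsed Time: 00:14:16
6:00 PM: Full Sweep has completed. Elapsed time 00:16:53
6:00 PM: Processing Startup Alerts
6:00 PM: Removed Startup entry: LDM
"""

if __name__ == "__main__":
    s = summarize(SAMPLE)
    for kind, names in s.names_by_kind.items():
        print(f"{kind}: {', '.join(sorted(names))}")
    print(f"{s.trace_count} trace lines")
    for t in s.registry:
        where = t.account or t.key.split("\\")[0]
        print(f"  {'autorun ' if t.is_autorun() else ''}{t.value or t.key} -> {where}")
```

Note that Spy Sweeper prints the "Found" heading only the first time a category appears in a sweep, so a later trace of an already-named category (the second atdmt cookie above) follows the most recent heading; the tally above therefore counts trace lines per sweep and names per category rather than trying to attribute each trace to a name.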

#4
xboxundone

xboxundone

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
********
6:15 PM: | Start of Session, Sunday, December 18, 2005 |
6:15 PM: Spy Sweeper started
6:15 PM: Sweep initiated using definitions version 556
6:15 PM: Starting Memory Sweep
6:17 PM: Memory Sweep Complete, Elapsed Time: 00:01:26
6:17 PM: Starting Registry Sweep
6:17 PM: Found Adware: cws_analyzeie
6:17 PM: HKLM\software\microsoft\internet explorer\main\msmsgsvc\ (ID = 116919)
6:17 PM: Found Adware: spysheriff
6:17 PM: HKU\WRSS_Profile_S-1-5-21-1275210071-179605362-682003330-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 142127)
6:17 PM: Registry Sweep Complete, Elapsed Time:00:00:07
6:17 PM: Starting Cookie Sweep
6:17 PM: Found Spy Cookie: 2o7.net cookie
6:17 PM: laura@2o7[1].txt (ID = 1957)
6:17 PM: Found Spy Cookie: yieldmanager cookie
6:17 PM: [email protected][2].txt (ID = 3751)
6:17 PM: Found Spy Cookie: specificclick.com cookie
6:17 PM: [email protected][2].txt (ID = 3400)
6:17 PM: Found Spy Cookie: advertising cookie
6:17 PM: laura@advertising[2].txt (ID = 2175)
6:17 PM: Found Spy Cookie: apmebf cookie
6:17 PM: laura@apmebf[2].txt (ID = 2229)
6:17 PM: Found Spy Cookie: atlas dmt cookie
6:17 PM: laura@atdmt[1].txt (ID = 2253)
6:17 PM: Found Spy Cookie: atwola cookie
6:17 PM: laura@atwola[1].txt (ID = 2255)
6:17 PM: Found Spy Cookie: centrport net cookie
6:17 PM: laura@centrport[1].txt (ID = 2374)
6:17 PM: Found Spy Cookie: qksrv cookie
6:17 PM: laura@qksrv[2].txt (ID = 3213)
6:17 PM: Found Spy Cookie: realmedia cookie
6:17 PM: laura@realmedia[1].txt (ID = 3235)
6:17 PM: Found Spy Cookie: serving-sys cookie
6:17 PM: laura@serving-sys[2].txt (ID = 3343)
6:17 PM: Found Spy Cookie: statcounter cookie
6:17 PM: laura@statcounter[2].txt (ID = 3447)
6:17 PM: Found Spy Cookie: pointroll cookie
6:17 PM: [email protected][1].txt (ID = 3148)
6:17 PM: bigdave@atdmt[2].txt (ID = 2253)
6:17 PM: Found Spy Cookie: burstnet cookie
6:17 PM: bigdave@burstnet[2].txt (ID = 2336)
6:17 PM: bigdave@statcounter[1].txt (ID = 3447)
6:17 PM: Found Spy Cookie: tribalfusion cookie
6:17 PM: bigdave@tribalfusion[2].txt (ID = 3589)
6:17 PM: Found Spy Cookie: burstbeacon cookie
6:17 PM: [email protected][1].txt (ID = 2335)
6:17 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
6:17 PM: Starting File Sweep
6:17 PM: Found Adware: limeshop
6:17 PM: c:\program files\limeshop (131 subtraces) (ID = -2147480733)
6:17 PM: Found Adware: coolwebsearch (cws)
6:17 PM: c:\documents and settings\bigdave\application data\winshow (2 subtraces) (ID = -2147481200)
6:17 PM: Found Adware: ebates money maker
6:17 PM: ch.class (ID = 59516)
6:17 PM: bc.class (ID = 59453)
6:17 PM: br.class (ID = 59482)
6:17 PM: bp.class (ID = 59478)
6:17 PM: dl.class (ID = 59582)
6:17 PM: dw.class (ID = 59603)
6:17 PM: di.class (ID = 59573)
6:17 PM: bm.class (ID = 59471)
6:17 PM: cf.class (ID = 59511)
6:17 PM: cb.class (ID = 59504)
6:17 PM: dv.class (ID = 59600)
6:17 PM: bh.class (ID = 59461)
6:17 PM: bf.class (ID = 59458)
6:17 PM: db.class (ID = 59559)
6:17 PM: dg.class (ID = 59568)
6:17 PM: be.class (ID = 59457)
6:17 PM: bz.class (ID = 59498)
6:17 PM: da.class (ID = 59557)
6:17 PM: bu.class (ID = 59487)
6:17 PM: n.class (ID = 59687)
6:17 PM: l.class (ID = 59673)
6:17 PM: f.class (ID = 59660)
6:17 PM: d.class (ID = 59555)
6:17 PM: b.class (ID = 59446)
6:17 PM: bt.class (ID = 59485)
6:17 PM: r.class (ID = 59694)
6:17 PM: cp.class (ID = 59533)
6:17 PM: bo.class (ID = 59475)
6:17 PM: bl.class (ID = 59469)
6:17 PM: bi.class (ID = 59463)
6:17 PM: ce.class (ID = 59510)
6:17 PM: bg.class (ID = 59460)
6:17 PM: cs.class (ID = 59539)
6:17 PM: cq.class (ID = 59534)
6:17 PM: cx.class (ID = 59548)
6:17 PM: cv.class (ID = 59545)
6:17 PM: ck.class (ID = 59521)
6:17 PM: cu.class (ID = 59543)
6:17 PM: limeshop.inf (ID = 65527)
6:17 PM: limeshop_readme.txt (ID = 65532)
6:17 PM: main.class (ID = 59681)
6:17 PM: cn.class (ID = 59528)
6:17 PM: cl.class (ID = 59524)
6:17 PM: cd.class (ID = 59507)
6:17 PM: cc.class (ID = 59506)
6:17 PM: cj.class (ID = 59519)
6:17 PM: ca.class (ID = 59501)
6:17 PM: ea.class (ID = 59611)
6:17 PM: bx.class (ID = 59494)
6:17 PM: bw.class (ID = 59492)
6:17 PM: topmoxie_proxy.htm (ID = 59713)
6:17 PM: topmoxie_conflicts2.htm (ID = 59712)
6:17 PM: limeshop_preferences0.htm (ID = 65531)
6:17 PM: bb.class (ID = 59451)
6:17 PM: dx.class (ID = 59604)
6:17 PM: limeshop_offer0.htm (ID = 65530)
6:17 PM: dj.class (ID = 59576)
6:17 PM: dq.class (ID = 59588)
6:17 PM: dm.class (ID = 59583)
6:17 PM: dn.class (ID = 59584)
6:19 PM: dy.class (ID = 59605)
6:19 PM: dr.class (ID = 59591)
6:20 PM: ed.class (ID = 59657)
6:20 PM: dz.class (ID = 59608)
6:22 PM: limeshop_confirm0.htm (ID = 65529)
6:27 PM: winshow.cfg (ID = 54621)
6:27 PM: Found Adware: redhotnetworks
6:27 PM: videox.inf (ID = 73668)
6:27 PM: limeshop_script0.htm (ID = 65533)
6:27 PM: eb.class (ID = 59614)
6:27 PM: q.class (ID = 59693)
6:27 PM: e.class (ID = 59610)
6:27 PM: g.class (ID = 59663)
6:27 PM: ec.class (ID = 59654)
6:27 PM: i.class (ID = 59665)
6:27 PM: k.class (ID = 59671)
6:27 PM: s.class (ID = 59698)
6:27 PM: a.class (ID = 59443)
6:27 PM: m.class (ID = 59678)
6:27 PM: j.class (ID = 59670)
6:27 PM: p.class (ID = 59689)
6:27 PM: v.class (ID = 59718)
6:27 PM: x.class (ID = 59729)
6:27 PM: ba.class (ID = 59449)
6:27 PM: bd.class (ID = 59455)
6:27 PM: bj.class (ID = 59466)
6:27 PM: bq.class (ID = 59480)
6:27 PM: bs.class (ID = 59484)
6:27 PM: bv.class (ID = 59490)
6:27 PM: t.class (ID = 59708)
6:27 PM: cg.class (ID = 59513)
6:27 PM: ci.class (ID = 59517)
6:27 PM: cm.class (ID = 59526)
6:27 PM: co.class (ID = 59530)
6:27 PM: cw.class (ID = 59547)
6:27 PM: cy.class (ID = 59551)
6:27 PM: dc.class (ID = 59561)
6:27 PM: u.class (ID = 59715)
6:27 PM: dh.class (ID = 59570)
6:27 PM: dk.class (ID = 59579)
6:27 PM: du.class (ID = 59596)
6:27 PM: File Sweep Complete, Elapsed Time: 00:10:24
6:27 PM: Full Sweep has completed. Elapsed time 00:12:01
6:27 PM: Traces Found: 255
6:28 PM: Removal process initiated
6:28 PM: Quarantining All Traces: cws_analyzeie
6:28 PM: Quarantining All Traces: spysheriff
6:28 PM: Quarantining All Traces: coolwebsearch (cws)
6:28 PM: Quarantining All Traces: ebates money maker
6:28 PM: Quarantining All Traces: limeshop
6:28 PM: Quarantining All Traces: redhotnetworks
6:28 PM: Quarantining All Traces: 2o7.net cookie
6:28 PM: Quarantining All Traces: advertising cookie
6:28 PM: Quarantining All Traces: apmebf cookie
6:28 PM: Quarantining All Traces: atlas dmt cookie
6:28 PM: Quarantining All Traces: atwola cookie
6:28 PM: Quarantining All Traces: burstbeacon cookie
6:28 PM: Quarantining All Traces: burstnet cookie
6:28 PM: Quarantining All Traces: centrport net cookie
6:28 PM: Quarantining All Traces: pointroll cookie
6:28 PM: Quarantining All Traces: qksrv cookie
6:28 PM: Quarantining All Traces: realmedia cookie
6:28 PM: Quarantining All Traces: serving-sys cookie
6:28 PM: Quarantining All Traces: specificclick.com cookie
6:28 PM: Quarantining All Traces: statcounter cookie
6:28 PM: Quarantining All Traces: tribalfusion cookie
6:28 PM: Quarantining All Traces: yieldmanager cookie
6:28 PM: Removal process completed. Elapsed time 00:00:23
********
#5
xboxundone
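The two Spy Sweeper sessions posted above (the earlier one ending at "End of Session" and this full sweep with its removal phase) are raw log output. The following is an added example, Python written for this page and not Webroot's code or anything the poster ran, that parses that log format and answers the questions a responder actually asks of it: which families were found, how many traces each had, which found families were never quarantined in the same session, and which user hive the registry traces lived in. The sample session is constructed: its lines are copied from the posted log, abbreviated, except the pointroll cookie filename, which is a stand-in because the posted line is obfuscated, and "pointroll cookie" is deliberately left out of the quarantine list to exercise the check. One attribution rule is my assumption from reading the log: Spy Sweeper prints a "Found <kind>: <name>" header only the first time a family is seen, so the later bigdave@atdmt[2].txt trace (ID 2253) appears under the pointroll header although its ID was first seen under atlas dmt; the parser attributes by ID when the ID is already known. The HKU\WRSS_Profile_<SID> path is keyed by a user SID whose last component (the RID) is 500, the well-known RID of the built-in Administrator account, and the helper pulls that out.

```python
import re

# Constructed sample session (lines copied from the posted log, abbreviated;
# the pointroll filename is a stand-in; pointroll is intentionally not quarantined).
SAMPLE_LOG = r"""
********
6:17 PM: Starting Registry Sweep
6:17 PM: Found Adware: spysheriff
6:17 PM: HKU\WRSS_Profile_S-1-5-21-1275210071-179605362-682003330-500\software\microsoft\windows\currentversion\run\ || windows installer (ID = 142127)
6:17 PM: Registry Sweep Complete, Elapsed Time:00:00:07
6:17 PM: Starting Cookie Sweep
6:17 PM: Found Spy Cookie: atlas dmt cookie
6:17 PM: laura@atdmt[1].txt (ID = 2253)
6:17 PM: Found Spy Cookie: pointroll cookie
6:17 PM: bigdave@pointroll[1].txt (ID = 3148)
6:17 PM: bigdave@atdmt[2].txt (ID = 2253)
6:17 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
6:17 PM: Starting File Sweep
6:17 PM: Found Adware: limeshop
6:17 PM: c:\program files\limeshop (131 subtraces) (ID = -2147480733)
6:17 PM: limeshop.inf (ID = 65527)
6:27 PM: File Sweep Complete, Elapsed Time: 00:10:24
6:27 PM: Traces Found: 255
6:28 PM: Removal process initiated
6:28 PM: Quarantining All Traces: spysheriff
6:28 PM: Quarantining All Traces: limeshop
6:28 PM: Quarantining All Traces: atlas dmt cookie
6:35 PM: Processing Startup Alerts
6:35 PM: Removed Startup entry: LDM
********
"""

TS = r"^\d{1,2}:\d{2} [AP]M: "
FOUND_RE = re.compile(TS + r"Found (?P<kind>[A-Za-z ]+?): (?P<name>.+)$")
TRACE_RE = re.compile(TS + r"(?P<trace>.+?) \(ID = (?P<id>-?\d+)\)$")
QUAR_RE = re.compile(TS + r"Quarantining All Traces: (?P<name>.+)$")
STARTUP_RE = re.compile(TS + r"(?P<action>Removed|Allowed) Startup entry: (?P<name>.+)$")
PHASE_RE = re.compile(TS + r"(Starting |.*Sweep Complete|Removal process)")
SID_RE = re.compile(r"HKU\\WRSS_Profile_(S-1-5-21(?:-\d+)+)\\", re.I)


def parse_spysweeper(text):
    """Group trace lines under their family, quarantine actions and startup alerts.

    Assumption (mine): a 'Found' header is printed once per family, so a trace
    whose ID was seen earlier belongs to that earlier family, not to the
    header currently in scope.
    """
    families, id_family, quarantined, startup = {}, {}, set(), []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FOUND_RE.match(line)
        if m:
            current = m.group("name")
            families.setdefault(current, {"kind": m.group("kind"), "traces": []})
            continue
        m = QUAR_RE.match(line)
        if m:
            quarantined.add(m.group("name"))
            continue
        m = STARTUP_RE.match(line)
        if m:
            startup.append((m.group("action"), m.group("name")))
            continue
        if PHASE_RE.match(line):
            current = None            # phase boundary: no header in scope
            continue
        m = TRACE_RE.match(line)
        if not m:
            continue
        tid = int(m.group("id"))
        fam = id_family.get(tid, current)
        if fam is None:
            continue                  # trace without header context; skip
        id_family.setdefault(tid, fam)
        families[fam]["traces"].append((m.group("trace"), tid))
    return {"families": families, "quarantined": quarantined, "startup": startup}


def trace_counts(report):
    """Logged traces per family (a '(N subtraces)' entry still counts as one)."""
    return {n: len(f["traces"]) for n, f in report["families"].items()}


def unquarantined(report):
    """Families found in the sweep but never quarantined in the same session."""
    return sorted(n for n in report["families"] if n not in report["quarantined"])


def profile_sids(report):
    """User SIDs whose HKU hive held a registry trace."""
    sids = {m.group(1) for f in report["families"].values()
            for t, _ in f["traces"] for m in [SID_RE.search(t)] if m}
    return sorted(sids)


def rid(sid):
    """Relative identifier, the last SID component; 500 is the built-in Administrator."""
    return int(sid.rsplit("-", 1)[1])


if __name__ == "__main__":
    rep = parse_spysweeper(SAMPLE_LOG)
    print(trace_counts(rep), "not quarantined:", unquarantined(rep))
    print([(s, rid(s)) for s in profile_sids(rep)], rep["startup"])
```

Run against the full posted session, the same functions report every found family as quarantined and attribute the second atdmt and statcounter cookies to the families that own those IDs rather than to the header they happen to sit under.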
Logfile of HijackThis v1.99.1
Scan saved at 6:33:49 PM, on 12/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_6390.dll' missing
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresear...ia/OTXMedia.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {78FAE917-35E2-4A6B-9B40-000AD226482B} (MSN Money Ticker) - http://moneycentral....cabs/ticker.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
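Triage of a HijackThis log like the one in post #5, as an added example: Python written for this page, not HijackThis's own logic and not anything the poster ran. The sample log is constructed: most lines are copied from the posted log, while the all-zero CLSID and the 192.0.2.10 download host are hypothetical stand-ins added only to exercise the bare-IP rule (the posted O16 URLs are truncated and are left alone). The rules are generic triage heuristics of mine, the ones a helper checks first in such a log: an empty Shell= in system.ini, O2/O3 entries whose file is gone, an O4 autorun whose target is not an absolute drive path, an O10 broken LSP chain, an ActiveX download from a raw IP address, and an O23 service with no publisher. They mark lines for a human to review; they do not decide that anything is malicious.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the posted HijackThis v1.99.1 log, plus
# one hypothetical O16 line (all-zero CLSID, TEST-NET host) to exercise the IP rule.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
F2 - REG:system.ini: Shell=
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_6390.dll' missing
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Class) - http://192.0.2.10/cab/example.cab
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RF]\d|O\d{1,2}) - (?P<body>.*)$")
DRIVE_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
IP_HOST_RE = re.compile(r"^https?://(\d{1,3}\.){3}\d{1,3}(?=[/:]|$)")


def parse_hjt(text):
    """Return (code, body) for each entry line; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def summarize(entries):
    """Entry count per section code, e.g. {'O4': 3, 'O16': 2, ...}."""
    return dict(Counter(code for code, _ in entries))


def triage(entries):
    """Apply generic review heuristics (mine); returns (code, reason, body) per hit."""
    hits = []
    for code, body in entries:
        if code == "F2" and re.search(r"Shell=\s*$", body):
            hits.append((code, "empty Shell= value in system.ini", body))
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            hits.append((code, "orphaned entry: referenced file is missing", body))
        elif code == "O4":
            m = re.search(r"\] (.*)$", body)      # '[name] target' form only
            target = m.group(1) if m else ""
            if target and not DRIVE_PATH_RE.match(target):
                hits.append((code, "autorun target is not an absolute drive path", body))
        elif code == "O10" and "Broken Internet access" in body:
            hits.append((code, "Winsock LSP chain broken: repair it, do not just delete", body))
        elif code == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if IP_HOST_RE.match(url):
                hits.append((code, "ActiveX download from a bare IP host", body))
        elif code == "O23" and "Unknown owner" in body:
            hits.append((code, "service without a publisher name", body))
    return hits


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    print(summarize(entries))
    for code, reason, body in triage(entries):
        print(f"{code:>4}  {reason}\n      {body}")
```

The O4 rule is deliberately narrow: it only looks at `[name] target` entries, so Global Startup shortcuts pass through untouched, and a quoted absolute path such as the QuickTime line is accepted. Every hit still needs a person to decide; the O10 line in particular points at a repair step rather than a deletion.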