Persistent Adware won't go away


  • This topic is locked
8 replies to this topic

#1 Diomed


Posted 17 October 2005 - 09:58 PM

I read the FAQ and followed all instructions.

I have some type of adware on my machine. Adaware and Spybot don't find anything when I scan. Norton finds problems, but can't eliminate them. Tried using CWShredder. It reports finding VX2.Look2Me, but if I try to fix it after I reboot, my machine automatically reboots again, and the VX2.Look2Me shows up again in the CWShredder report. Tried using hijackthis to delete the O20 entry, but it just came back with a different name.

Thanks in advance for your help. I think this forum is wonderful.

Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:48:17 PM, on 10/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O9 - Extra button: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll
O9 - Extra 'Tools' menuitem: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speeder...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129496262560
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37370.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {BAB7B1B6-1FA2-41A2-A0A2-2CF82ACC3CA8} - http://www.topmoxie....pro1050_310.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://walgreensphot...ploadClient.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://prints.pictur...loadControl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\jt0o07d3e.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWltZWUA\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
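
Added example, not part of the original post and not HijackThis's own code: a small Python triage of the log above that pulls out the Winlogon Notify (O20) DLL and the orphaned service (O23), then compares two scans by section and file path so that an entry which "came back with a different name" shows up as a replacement in the same section. The function names are hypothetical, and the rescan line is a constructed placeholder, not a value from this thread.

```python
import re

# HijackThis item line: "<section> - <kind>: <detail>", e.g. "O20 - Winlogon Notify: ..."
ITEM_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# First drive-letter path in the detail that ends in .dll or .exe (spaces allowed).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe)", re.IGNORECASE)

# Sample input: four lines copied from the first HijackThis log in this thread.
LOG_FIRST = r"""
O4 - HKLM\..\Run: [Upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe"
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\jt0o07d3e.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWltZWUA\command.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Constructed rescan: the O20 entry has been deleted and has reappeared under
# another name, as the post describes. Key and DLL names are placeholders.
LOG_RESCAN = LOG_FIRST.replace(
    r"Shell Extensions - C:\WINDOWS\system32\jt0o07d3e.dll",
    r"EXAMPLE-KEY - C:\WINDOWS\system32\EXAMPLE-RENAMED.dll",
)


def parse_items(log_text):
    """Return (section, kind, detail) for every O-numbered line of a log."""
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2).strip(), m.group(3).strip()))
    return items


def file_path(detail):
    """Lower-cased file path found in an item's detail, or None."""
    m = PATH_RE.search(detail)
    return m.group(0).lower() if m else None


def triage(log_text):
    """Pick out the entries a helper would look at first.

    Assumption of this example: every listed O20 entry is worth a review,
    because a Winlogon Notify DLL is loaded by winlogon.exe at logon, and an
    O23 service with no owner or a missing binary is a leftover registration.
    """
    findings = []
    for section, _kind, detail in parse_items(log_text):
        if section == "O20":
            findings.append(("winlogon-notify", detail))
        elif section == "O23" and (
            "Unknown owner" in detail or "(file missing)" in detail
        ):
            findings.append(("orphan-service", detail))
    return findings


def autostart_changes(before, after):
    """Diff two logs on (section, file path). Returns (removed, added)."""
    def keyset(text):
        return {(s, file_path(d) or d.lower()) for s, _k, d in parse_items(text)}
    b, a = keyset(before), keyset(after)
    return sorted(b - a), sorted(a - b)


def respawned_sections(before, after):
    """Sections where one entry vanished and a different one appeared.

    A removal and an addition in the same section between two scans is the
    pattern the post reports for O20: the fix was undone under a new name.
    """
    removed, added = autostart_changes(before, after)
    return sorted({s for s, _ in removed} & {s for s, _ in added})


if __name__ == "__main__":
    for kind, detail in triage(LOG_FIRST):
        print(kind, "->", detail)
    print("replaced in:", respawned_sections(LOG_FIRST, LOG_RESCAN))
```

Matching on section and path rather than on the entry's display name is what lets the comparison survive a rename of the key or the DLL.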

#2 Swandog46


Posted 20 October 2005 - 06:29 PM

Hi Diomed :)

Welcome to SWI. Thank you for your patience.

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and please post the SpySweeper log along with a new HJT log :)

#3 Diomed


Posted 20 October 2005 - 08:34 PM

Hi Swandog! Thanks for helping out. I followed your directions. Spy Sweeper seems to have helped, as I'm not getting any more pop-ups. The logs are below:

Logfile of HijackThis v1.99.1
Scan saved at 9:29:12 PM, on 10/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O9 - Extra button: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll
O9 - Extra 'Tools' menuitem: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speeder...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129496262560
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37370.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://walgreensphot...ploadClient.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://prints.pictur...loadControl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWltZWUA\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe





********
8:16 PM: | Start of Session, Thursday, October 20, 2005 |
8:16 PM: Spy Sweeper started
8:16 PM: Sweep initiated using definitions version 559
8:16 PM: Starting Memory Sweep
8:17 PM: Found Adware: icannnews
8:17 PM: Detected running threat: C:\WINDOWS\SYSTEM32\mndxmlc.dll (ID = 83)
8:17 PM: Detected running threat: C:\WINDOWS\SYSTEM32\u4rule991h.dll (ID = 83)
8:20 PM: Memory Sweep Complete, Elapsed Time: 00:03:43
8:20 PM: Starting Registry Sweep
8:20 PM: Found Adware: azsearch toolbar
8:20 PM: HKCR\azentretien.loader\ (5 subtraces) (ID = 103886)
8:20 PM: HKCR\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (11 subtraces) (ID = 103887)
8:20 PM: HKLM\software\azentretienco\ (3 subtraces) (ID = 103905)
8:20 PM: HKLM\software\classes\azentretien.loader.1\ (3 subtraces) (ID = 103909)
8:20 PM: HKLM\software\classes\azentretien.loader\ (5 subtraces) (ID = 103910)
8:20 PM: HKLM\software\classes\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (11 subtraces) (ID = 103911)
8:20 PM: Found Adware: blazefind
8:20 PM: HKLM\software\microsoft\windows\ || infamous (ID = 104517)
8:20 PM: Found System Monitor: sc-keylog
8:20 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\explorer\ (6 subtraces) (ID = 140468)
8:20 PM: Found Adware: quicklink search toolbar
8:20 PM: HKLM\software\ql\ (4 subtraces) (ID = 359458)
8:20 PM: HKCR\qlink.qlfilter\ (3 subtraces) (ID = 890588)
8:20 PM: HKCR\qlink.qlfilter.1\ (3 subtraces) (ID = 890592)
8:20 PM: HKCR\qlink.qlhelper\ (3 subtraces) (ID = 890596)
8:20 PM: HKCR\qlink.qlhelper.1\ (3 subtraces) (ID = 890600)
8:20 PM: HKCR\clsid\{aa3c0ffe-758e-4c41-b1b9-2d711915a938}\ (8 subtraces) (ID = 890604)
8:20 PM: HKCR\clsid\{e225ab73-4d7e-45f7-9425-47d2f7c7a8ab}\ (10 subtraces) (ID = 890613)
8:20 PM: HKCR\typelib\{090712ed-1622-4227-94d3-f573a9c2577f}\ (9 subtraces) (ID = 890624)
8:20 PM: HKLM\software\classes\qlink.qlfilter\ (3 subtraces) (ID = 890661)
8:20 PM: HKLM\software\classes\qlink.qlfilter.1\ (3 subtraces) (ID = 890665)
8:20 PM: HKLM\software\classes\qlink.qlhelper\ (3 subtraces) (ID = 890669)
8:20 PM: HKLM\software\classes\qlink.qlhelper.1\ (3 subtraces) (ID = 890673)
8:20 PM: HKLM\software\classes\clsid\{aa3c0ffe-758e-4c41-b1b9-2d711915a938}\ (8 subtraces) (ID = 890677)
8:20 PM: HKLM\software\classes\clsid\{e225ab73-4d7e-45f7-9425-47d2f7c7a8ab}\ (10 subtraces) (ID = 890686)
8:20 PM: Found Adware: instant access
8:20 PM: HKLM\software\classes\clsid\{e225ab73-4d7e-45f7-9425-47d2f7c7a8ab}\progid\ (1 subtraces) (ID = 890691)
8:20 PM: HKLM\software\classes\typelib\{090712ed-1622-4227-94d3-f573a9c2577f}\ (9 subtraces) (ID = 890697)
8:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (2 subtraces) (ID = 909558)
8:20 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser qlhelper objects\{aa3c0ffe-758e-4c41-b1b9-2d711915a938}\ (ID = 909564)
8:20 PM: Found Adware: targetsaver
8:20 PM: HKU\S-1-5-21-808743801-135449575-3207847200-1007\software\tsl2\ (1 subtraces) (ID = 143616)
8:21 PM: Registry Sweep Complete, Elapsed Time:00:00:46
8:21 PM: Starting Cookie Sweep
8:21 PM: Found Spy Cookie: 2o7.net cookie
8:21 PM: aimee@2o7[2].txt (ID = 1957)
8:21 PM: Found Spy Cookie: 735 cookie
8:21 PM: aimee@735[1].txt (ID = 2009)
8:21 PM: Found Spy Cookie: 888 cookie
8:21 PM: aimee@888[1].txt (ID = 2019)
8:21 PM: Found Spy Cookie: websponsors cookie
8:21 PM: aimee@a.websponsors[1].txt (ID = 3665)
8:21 PM: Found Spy Cookie: yieldmanager cookie
8:21 PM: aimee@ad.yieldmanager[1].txt (ID = 3751)
8:21 PM: Found Spy Cookie: adknowledge cookie
8:21 PM: aimee@adknowledge[2].txt (ID = 2072)
8:21 PM: Found Spy Cookie: hbmediapro cookie
8:21 PM: aimee@adopt.hbmediapro[2].txt (ID = 2768)
8:21 PM: Found Spy Cookie: specificclick.com cookie
8:21 PM: aimee@adopt.specificclick[1].txt (ID = 3400)
8:21 PM: Found Spy Cookie: adprofile cookie
8:21 PM: aimee@adprofile[2].txt (ID = 2084)
8:21 PM: Found Spy Cookie: adrevolver cookie
8:21 PM: aimee@adrevolver[1].txt (ID = 2088)
8:21 PM: aimee@adrevolver[3].txt (ID = 2088)
8:21 PM: Found Spy Cookie: addynamix cookie
8:21 PM: aimee@ads.addynamix[1].txt (ID = 2062)
8:21 PM: Found Spy Cookie: apmebf cookie
8:21 PM: aimee@apmebf[2].txt (ID = 2229)
8:21 PM: Found Spy Cookie: falkag cookie
8:21 PM: aimee@as-us.falkag[2].txt (ID = 2650)
8:21 PM: aimee@as1.falkag[1].txt (ID = 2650)
8:21 PM: Found Spy Cookie: ask cookie
8:21 PM: aimee@ask[1].txt (ID = 2245)
8:21 PM: Found Spy Cookie: belnk cookie
8:21 PM: aimee@ath.belnk[2].txt (ID = 2293)
8:21 PM: Found Spy Cookie: atwola cookie
8:21 PM: aimee@atwola[1].txt (ID = 2255)
8:21 PM: Found Spy Cookie: azjmp cookie
8:21 PM: aimee@azjmp[1].txt (ID = 2270)
8:21 PM: aimee@belnk[1].txt (ID = 2292)
8:21 PM: Found Spy Cookie: bizrate cookie
8:21 PM: aimee@bizrate[2].txt (ID = 2308)
8:21 PM: Found Spy Cookie: bluestreak cookie
8:21 PM: aimee@bluestreak[2].txt (ID = 2314)
8:21 PM: Found Spy Cookie: centrport net cookie
8:21 PM: aimee@centrport[1].txt (ID = 2374)
8:21 PM: aimee@cnn.122.2o7[1].txt (ID = 1958)
8:21 PM: aimee@dist.belnk[2].txt (ID = 2293)
8:21 PM: Found Spy Cookie: ru4 cookie
8:21 PM: aimee@edge.ru4[2].txt (ID = 3269)
8:21 PM: Found Spy Cookie: go.com cookie
8:21 PM: aimee@espn.go[2].txt (ID = 2729)
8:21 PM: Found Spy Cookie: exitexchange cookie
8:21 PM: aimee@exitexchange[1].txt (ID = 2633)
8:21 PM: aimee@games.espn.go[1].txt (ID = 2729)
8:21 PM: aimee@go[2].txt (ID = 2728)
8:21 PM: Found Spy Cookie: starware.com cookie
8:21 PM: aimee@h.starware[2].txt (ID = 3442)
8:21 PM: Found Spy Cookie: clickandtrack cookie
8:21 PM: aimee@hits.clickandtrack[2].txt (ID = 2397)
8:21 PM: Found Spy Cookie: hypertracker.com cookie
8:21 PM: aimee@hypertracker[2].txt (ID = 2817)
8:21 PM: Found Spy Cookie: screensavers.com cookie
8:21 PM: aimee@i.screensavers[2].txt (ID = 3298)
8:21 PM: aimee@insider.espn.go[2].txt (ID = 2729)
8:21 PM: Found Spy Cookie: maxserving cookie
8:21 PM: aimee@maxserving[2].txt (ID = 2966)
8:21 PM: Found Spy Cookie: top-banners cookie
8:21 PM: aimee@media.top-banners[1].txt (ID = 3548)
8:21 PM: Found Spy Cookie: metareward.com cookie
8:21 PM: aimee@metareward[1].txt (ID = 2990)
8:21 PM: aimee@microsoftwga.112.2o7[2].txt (ID = 1958)
8:21 PM: Found Spy Cookie: aptimus cookie
8:21 PM: aimee@network.aptimus[2].txt (ID = 2235)
8:21 PM: Found Spy Cookie: nextag cookie
8:21 PM: aimee@nextag[1].txt (ID = 5014)
8:21 PM: Found Spy Cookie: partypoker cookie
8:21 PM: aimee@partypoker[1].txt (ID = 3111)
8:21 PM: Found Spy Cookie: paypopup cookie
8:21 PM: aimee@paypopup[2].txt (ID = 3119)
8:21 PM: Found Spy Cookie: overture cookie
8:21 PM: aimee@perf.overture[1].txt (ID = 3106)
8:21 PM: Found Spy Cookie: questionmarket cookie
8:21 PM: aimee@questionmarket[1].txt (ID = 3217)
8:21 PM: Found Spy Cookie: realmedia cookie
8:21 PM: aimee@realmedia[2].txt (ID = 3235)
8:21 PM: Found Spy Cookie: rednova cookie
8:21 PM: aimee@rednova[1].txt (ID = 3245)
8:21 PM: Found Spy Cookie: reunion cookie
8:21 PM: aimee@reunion[2].txt (ID = 3255)
8:21 PM: Found Spy Cookie: rn11 cookie
8:21 PM: aimee@rn11[2].txt (ID = 3261)
8:21 PM: aimee@rsi.espn.go[1].txt (ID = 2729)
8:21 PM: Found Spy Cookie: web-stat cookie
8:21 PM: aimee@server3.web-stat[1].txt (ID = 3649)
8:21 PM: Found Spy Cookie: serving-sys cookie
8:21 PM: aimee@serving-sys[1].txt (ID = 3343)
8:21 PM: Found Spy Cookie: dealtime cookie
8:21 PM: aimee@stat.dealtime[2].txt (ID = 2506)
8:21 PM: Found Spy Cookie: reliablestats cookie
8:21 PM: aimee@stats1.reliablestats[2].txt (ID = 3254)
8:21 PM: Found Spy Cookie: trafficmp cookie
8:21 PM: aimee@trafficmp[2].txt (ID = 3581)
8:21 PM: Found Spy Cookie: tribalfusion cookie
8:21 PM: aimee@tribalfusion[1].txt (ID = 3589)
8:21 PM: Found Spy Cookie: epilot cookie
8:21 PM: aimee@vaclick.epilot[1].txt (ID = 2622)
8:21 PM: Found Spy Cookie: burstbeacon cookie
8:21 PM: aimee@www.burstbeacon[1].txt (ID = 2335)
8:21 PM: Found Spy Cookie: myaffiliateprogram.com cookie
8:21 PM: aimee@www.myaffiliateprogram[1].txt (ID = 3032)
8:21 PM: aimee@www.rednova[1].txt (ID = 3246)
8:21 PM: aimee@www.starware[1].txt (ID = 3442)
8:21 PM: Found Spy Cookie: upspiral cookie
8:21 PM: aimee@www.upspiral[1].txt (ID = 3615)
8:21 PM: Found Spy Cookie: winantiviruspro cookie
8:21 PM: aimee@www.winantiviruspro[2].txt (ID = 3690)
8:21 PM: aimee@yieldmanager[2].txt (ID = 3749)
8:21 PM: Found Spy Cookie: adserver cookie
8:21 PM: aimee@z1.adserver[1].txt (ID = 2142)
8:21 PM: Found Spy Cookie: zedo cookie
8:21 PM: aimee@zedo[2].txt (ID = 3762)
8:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
8:21 PM: Starting File Sweep
8:21 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:21 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:21 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:21 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:21 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:23 PM: Warning: Failed to read MFT entry 20243
8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:24 PM: Warning: Failed to read MFT entry 21660
8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:28 PM: Warning: Failed to read MFT entry 23737
8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
8:31 PM: Warning: Failed to read MFT entry 60498
8:32 PM: Warning: Failed to read MFT entry 61498
8:36 PM: Warning: Failed to read MFT entry 63575
8:36 PM: c:\program files\quicklinks (1 subtraces) (ID = -2147468660)
8:36 PM: c:\program files\quick links (1 subtraces) (ID = -2147478145)
8:39 PM: qllib.dll (ID = 168233)
8:39 PM: qlutility.exe (ID = 168232)
8:39 PM: Found Adware: ebates money maker
8:39 PM: dx.class (ID = 59604)
8:39 PM: dm.class (ID = 59583)
8:39 PM: Found Adware: hotbar
8:39 PM: d_icons_buttons_1000[1].xip (ID = 62278)
8:39 PM: d_icons_buttons_2000[1].xip (ID = 62280)
8:39 PM: d_icons_buttons_3000[1].xip (ID = 62282)
8:39 PM: tsd_bg[1].xip (ID = 62383)
8:39 PM: s_icons_buttons[1].xip (ID = 62379)
8:39 PM: keywords_sdf[1].xip (ID = 62359)
8:39 PM: keywords_idx[1].xip (ID = 62357)
8:43 PM: d_icons_buttons_bbar3[1].xip (ID = 62290)
8:44 PM: topmoxie_conflicts2.htm (ID = 59712)
8:44 PM: topmoxie_proxy.htm (ID = 59713)
8:44 PM: Found Adware: dealhelper
8:44 PM: lreqjau3.xml (ID = 57652)
8:46 PM: Warning: Failed to read file "c:\windows\$ntservicepackuninstall$\ntdetect.com". Data error (cyclic redundancy check)
8:48 PM: class-barrel (ID = 78229)
8:48 PM: vocabulary (ID = 78283)
8:50 PM: Found Adware: apropos
8:50 PM: exec.exe (ID = 50118)
8:52 PM: lreqjak2.xml (ID = 57648)
8:53 PM: wingenerics.dll (ID = 50187)
8:56 PM: lreqjau1.xml (ID = 57650)
8:56 PM: lreqjau.xml (ID = 57649)
8:56 PM: ct.class (ID = 59541)
8:56 PM: bp.class (ID = 59477)
8:56 PM: db.class (ID = 59560)
8:56 PM: Found Adware: limeshop
8:57 PM: system.dls (ID = 59702)
8:57 PM: loader.dls (ID = 65535)
8:57 PM: cs.class (ID = 59538)
8:57 PM: bn.class (ID = 59474)
8:57 PM: bk.class (ID = 59467)
8:57 PM: bb.class (ID = 59450)
8:57 PM: h.class (ID = 59664)
8:57 PM: bh.class (ID = 59462)
8:57 PM: ea.class (ID = 65517)
8:57 PM: br.class (ID = 59481)
8:57 PM: browsers.dls (ID = 59483)
8:57 PM: shopping.dls (ID = 65540)
8:57 PM: w.class (ID = 59719)
8:57 PM: de.class (ID = 59565)
8:57 PM: personality.dls (ID = 65538)
8:57 PM: lreqjak.xml (ID = 57646)
8:59 PM: cq.class (ID = 59535)
8:59 PM: bx.class (ID = 65479)
8:59 PM: dw.class (ID = 59602)
8:59 PM: r.class (ID = 59695)
9:01 PM: lreqjak1.xml (ID = 57647)
9:05 PM: lreqjau2.xml (ID = 57651)
9:08 PM: newlreqjatime.xml (ID = 163168)
9:08 PM: lreqjadk.xml (ID = 57645)
9:08 PM: d_icons_buttons_logos[1].xip (ID = 62284)
9:08 PM: linkpathlegal[1].xip (ID = 62363)
9:08 PM: d_icons_buttons_other[1].xip (ID = 62284)
9:08 PM: progress[1].xip (ID = 62368)
9:08 PM: d_icons_buttons_bar[1].xip (ID = 62284)
9:08 PM: progress[1].xip (ID = 62368)
9:08 PM: business_promo[1].xip (ID = 121856)
9:08 PM: progress[1].xip (ID = 62368)
9:08 PM: business_promo[2].xip (ID = 121856)
9:08 PM: hotbar_promo[1].xip (ID = 62351)
9:08 PM: Found System Monitor: potentially rootkit-masked files
9:08 PM: 139dpipe.sys (ID = 0)
9:08 PM: psbsmans.exe (ID = 0)
9:08 PM: 00006784_4352c460_0007a120 (ID = 0)
9:08 PM: 00003d6c_4352c461_00040d99 (ID = 0)
9:08 PM: 00004823_4352c454_0005b8d8 (ID = 0)
9:08 PM: index (ID = 0)
9:08 PM: dns (ID = 0)
9:08 PM: mcdpgt34.exe (ID = 0)
9:08 PM: ace.dll (ID = 0)
9:08 PM: data.bin (ID = 0)
9:08 PM: ctwcdrtc.exe (ID = 0)
9:08 PM: content_action.gif (ID = 0)
9:09 PM: ai_17-10-2005.log (ID = 0)
9:09 PM: ai_16-10-2005.log (ID = 0)
9:09 PM: ai_20-10-2005.log (ID = 0)
9:09 PM: 00000029_4352c3f8_00090f56 (ID = 0)
9:09 PM: 000018be_4352c45c_0008d24d (ID = 0)
9:09 PM: 00004ae1_4352c460_000c28cb (ID = 0)
9:09 PM: ai_18-10-2005.log (ID = 0)
9:09 PM: ai_19-10-2005.log (ID = 0)
9:14 PM: File Sweep Complete, Elapsed Time: 00:52:44
9:14 PM: Full Sweep has completed. Elapsed time 00:57:26
9:14 PM: Traces Found: 394
9:18 PM: Removal process initiated
9:19 PM: Quarantining All Traces: potentially rootkit-masked files
9:20 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
9:20 PM: 139dpipe.sys is in use. It will be removed on reboot.
9:20 PM: psbsmans.exe is in use. It will be removed on reboot.
9:20 PM: 00006784_4352c460_0007a120 is in use. It will be removed on reboot.
9:20 PM: 00003d6c_4352c461_00040d99 is in use. It will be removed on reboot.
9:20 PM: 00004823_4352c454_0005b8d8 is in use. It will be removed on reboot.
9:20 PM: index is in use. It will be removed on reboot.
9:20 PM: dns is in use. It will be removed on reboot.
9:20 PM: mcdpgt34.exe is in use. It will be removed on reboot.
9:20 PM: ace.dll is in use. It will be removed on reboot.
9:20 PM: data.bin is in use. It will be removed on reboot.
9:20 PM: ctwcdrtc.exe is in use. It will be removed on reboot.
9:20 PM: content_action.gif is in use. It will be removed on reboot.
9:20 PM: ai_17-10-2005.log is in use. It will be removed on reboot.
9:20 PM: ai_16-10-2005.log is in use. It will be removed on reboot.
9:20 PM: ai_20-10-2005.log is in use. It will be removed on reboot.
9:20 PM: 00000029_4352c3f8_00090f56 is in use. It will be removed on reboot.
9:20 PM: 000018be_4352c45c_0008d24d is in use. It will be removed on reboot.
9:20 PM: 00004ae1_4352c460_000c28cb is in use. It will be removed on reboot.
9:20 PM: ai_18-10-2005.log is in use. It will be removed on reboot.
9:20 PM: ai_19-10-2005.log is in use. It will be removed on reboot.
9:20 PM: Quarantining All Traces: sc-keylog
9:20 PM: Quarantining All Traces: apropos
9:20 PM: apropos is in use. It will be removed on reboot.
9:20 PM: wingenerics.dll is in use. It will be removed on reboot.
9:20 PM: Quarantining All Traces: azsearch toolbar
9:20 PM: Quarantining All Traces: blazefind
9:20 PM: Quarantining All Traces: dealhelper
9:20 PM: Quarantining All Traces: ebates money maker
9:20 PM: Quarantining All Traces: hotbar
9:20 PM: Quarantining All Traces: icannnews
9:21 PM: icannnews is in use. It will be removed on reboot.
9:21 PM: C:\WINDOWS\SYSTEM32\mndxmlc.dll is in use. It will be removed on reboot.
9:21 PM: C:\WINDOWS\SYSTEM32\u4rule991h.dll is in use. It will be removed on reboot.
9:21 PM: Quarantining All Traces: instant access
9:21 PM: Quarantining All Traces: limeshop
9:21 PM: Quarantining All Traces: quicklink search toolbar
9:21 PM: Quarantining All Traces: targetsaver
9:21 PM: Quarantining All Traces: 2o7.net cookie
9:21 PM: Quarantining All Traces: 735 cookie
9:21 PM: Quarantining All Traces: 888 cookie
9:21 PM: Quarantining All Traces: addynamix cookie
9:21 PM: Quarantining All Traces: adknowledge cookie
9:21 PM: Quarantining All Traces: adprofile cookie
9:21 PM: Quarantining All Traces: adrevolver cookie
9:21 PM: Quarantining All Traces: adserver cookie
9:21 PM: Quarantining All Traces: apmebf cookie
9:21 PM: Quarantining All Traces: aptimus cookie
9:21 PM: Quarantining All Traces: ask cookie
9:21 PM: Quarantining All Traces: atwola cookie
9:21 PM: Quarantining All Traces: azjmp cookie
9:21 PM: Quarantining All Traces: belnk cookie
9:21 PM: Quarantining All Traces: bizrate cookie
9:21 PM: Quarantining All Traces: bluestreak cookie
9:21 PM: Quarantining All Traces: burstbeacon cookie
9:21 PM: Quarantining All Traces: centrport net cookie
9:21 PM: Quarantining All Traces: clickandtrack cookie
9:21 PM: Quarantining All Traces: dealtime cookie
9:21 PM: Quarantining All Traces: epilot cookie
9:21 PM: Quarantining All Traces: exitexchange cookie
9:21 PM: Quarantining All Traces: falkag cookie
9:21 PM: Quarantining All Traces: go.com cookie
9:21 PM: Quarantining All Traces: hbmediapro cookie
9:21 PM: Quarantining All Traces: hypertracker.com cookie
9:21 PM: Quarantining All Traces: maxserving cookie
9:21 PM: Quarantining All Traces: metareward.com cookie
9:21 PM: Quarantining All Traces: myaffiliateprogram.com cookie
9:21 PM: Quarantining All Traces: nextag cookie
9:21 PM: Quarantining All Traces: overture cookie
9:21 PM: Quarantining All Traces: partypoker cookie
9:21 PM: Quarantining All Traces: paypopup cookie
9:21 PM: Quarantining All Traces: questionmarket cookie
9:21 PM: Quarantining All Traces: realmedia cookie
9:21 PM: Quarantining All Traces: rednova cookie
9:21 PM: Quarantining All Traces: reliablestats cookie
9:21 PM: Quarantining All Traces: reunion cookie
9:21 PM: Quarantining All Traces: rn11 cookie
9:21 PM: Quarantining All Traces: ru4 cookie
9:21 PM: Quarantining All Traces: screensavers.com cookie
9:21 PM: Quarantining All Traces: serving-sys cookie
9:21 PM: Quarantining All Traces: specificclick.com cookie
9:21 PM: Quarantining All Traces: starware.com cookie
9:21 PM: Quarantining All Traces: top-banners cookie
9:21 PM: Quarantining All Traces: trafficmp cookie
9:21 PM: Quarantining All Traces: tribalfusion cookie
9:21 PM: Quarantining All Traces: upspiral cookie
9:21 PM: Quarantining All Traces: websponsors cookie
9:21 PM: Quarantining All Traces: web-stat cookie
9:21 PM: Quarantining All Traces: winantiviruspro cookie
9:21 PM: Quarantining All Traces: yieldmanager cookie
9:21 PM: Quarantining All Traces: zedo cookie
9:21 PM: Preparing to restart your computer. Please wait...
9:21 PM: Removal process completed. Elapsed time 00:03:24
********
8:14 PM: | Start of Session, Thursday, October 20, 2005 |
8:14 PM: Spy Sweeper started
8:15 PM: Your spyware definitions have been updated.
8:16 PM: | End of Session, Thursday, October 20, 2005 |

#4 Swandog46

Posted 20 October 2005 - 09:00 PM

Fantastic! :D Can I see one more new HJT log to make sure it didn't come back? This one is very persistent. Are you still having any further symptoms?

#5 Diomed

Posted 20 October 2005 - 09:31 PM

EDIT: I'm having no further symptoms. The popups are all gone and there's no other strange behavior.

Thank you so much for your help. It's great what you all do here. I think I'm going to go make a donation (once I get my wife's approval of course) :D

Here's one more hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:28:34 PM, on 10/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ntvdm.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O9 - Extra button: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll
O9 - Extra 'Tools' menuitem: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speeder...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129496262560
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37370.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://walgreensphot...ploadClient.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://prints.pictur...loadControl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWltZWUA\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Edited by Diomed, 21 October 2005 - 07:40 AM.


#6 Swandog46

Posted 21 October 2005 - 07:49 AM

Thanks for your generosity :) Glad to help.

Everything looks great --- your HijackThis log is completely clean. :)
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at SWI are to help you, for your sake we would rather not have repeat customers. :p

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. Your current versions are VERY outdated. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.o...oducts/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :D

#7 Diomed

Posted 21 October 2005 - 08:02 AM

Thanks for the help and the advice. I'll take care of that stuff this weekend.

Take care, and keep up the good work!

#8 Swandog46

Posted 21 October 2005 - 04:16 PM

No problem. :) I'll leave this thread open for a few days so you don't have any trouble finding it, and then I'll close it and move it to the Resolved forum.

#9 jw50

jw50

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 18,969 posts

Posted 01 December 2005 - 03:09 PM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.