• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Diomed

Persistent Adware won't go away

9 posts in this topic

I read the FAQ and followed all instructions.

 

I have some type of adware on my machine. Adaware and Spybot don't find anything when I scan. Norton finds problems, but can't eliminate them. Tried using CWShredder. It reports finding VX2.Look2Me, but if I try to fix it after I reboot, my machine automatically reboots again, and the VX2.Look2Me shows up again in the CWShredder report. Tried using hijackthis to delete the O20 entry, but it just came back with a different name.

 

Thanks in advance for your help. I think this forum is wonderful.

 

Here is my hijackthis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:48:17 PM, on 10/17/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\RunDLL32.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm

O9 - Extra button: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll

O9 - Extra 'Tools' menuitem: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129496262560

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37370.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab

O16 - DPF: {BAB7B1B6-1FA2-41A2-A0A2-2CF82ACC3CA8} - http://www.topmoxie.com/external/builds/up...pro1050_310.cab

O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://walgreensphoto.digitalcameradevelop...ploadClient.cab

O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://prints.picturecenter.kodak.com/acti...loadControl.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\jt0o07d3e.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWltZWUA\command.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Share this post


Link to post
Share on other sites

Hi Diomed :)

 

Welcome to SWI. Thank you for your patience.

 

Download the trial version of Spy Sweeper from Here

 

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

 

You will be prompted to check for updated definitions, please do so.

(This may take several minutes)

 

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

 

Click on Sweep and allow it to fully scan your system.

 

When the sweep has finished, click Remove. Click Select All and then Next

 

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

 

Exit Spy Sweeper.

 

Restart your computer, and please post the SpySweeper log along with a new HJT log :)

Share this post


Link to post
Share on other sites

Hi Swandog! Thanks for helping out. I followed your directions. Spy Sweeper seems to have helped, as I'm not getting any more pop-ups. The logs are below:

 

Logfile of HijackThis v1.99.1

Scan saved at 9:29:12 PM, on 10/20/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\System32\devldr32.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\RunDLL32.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\hijackthis\HijackThis.exe

 

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm

O9 - Extra button: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll

O9 - Extra 'Tools' menuitem: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129496262560

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37370.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab

O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://walgreensphoto.digitalcameradevelop...ploadClient.cab

O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://prints.picturecenter.kodak.com/acti...loadControl.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWltZWUA\command.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

 

 

 

 

 

********

8:16 PM: | Start of Session, Thursday, October 20, 2005 |

8:16 PM: Spy Sweeper started

8:16 PM: Sweep initiated using definitions version 559

8:16 PM: Starting Memory Sweep

8:17 PM: Found Adware: icannnews

8:17 PM: Detected running threat: C:\WINDOWS\SYSTEM32\mndxmlc.dll (ID = 83)

8:17 PM: Detected running threat: C:\WINDOWS\SYSTEM32\u4rule991h.dll (ID = 83)

8:20 PM: Memory Sweep Complete, Elapsed Time: 00:03:43

8:20 PM: Starting Registry Sweep

8:20 PM: Found Adware: azsearch toolbar

8:20 PM: HKCR\azentretien.loader\ (5 subtraces) (ID = 103886)

8:20 PM: HKCR\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (11 subtraces) (ID = 103887)

8:20 PM: HKLM\software\azentretienco\ (3 subtraces) (ID = 103905)

8:20 PM: HKLM\software\classes\azentretien.loader.1\ (3 subtraces) (ID = 103909)

8:20 PM: HKLM\software\classes\azentretien.loader\ (5 subtraces) (ID = 103910)

8:20 PM: HKLM\software\classes\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (11 subtraces) (ID = 103911)

8:20 PM: Found Adware: blazefind

8:20 PM: HKLM\software\microsoft\windows\ || infamous (ID = 104517)

8:20 PM: Found System Monitor: sc-keylog

8:20 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\explorer\ (6 subtraces) (ID = 140468)

8:20 PM: Found Adware: quicklink search toolbar

8:20 PM: HKLM\software\ql\ (4 subtraces) (ID = 359458)

8:20 PM: HKCR\qlink.qlfilter\ (3 subtraces) (ID = 890588)

8:20 PM: HKCR\qlink.qlfilter.1\ (3 subtraces) (ID = 890592)

8:20 PM: HKCR\qlink.qlhelper\ (3 subtraces) (ID = 890596)

8:20 PM: HKCR\qlink.qlhelper.1\ (3 subtraces) (ID = 890600)

8:20 PM: HKCR\clsid\{aa3c0ffe-758e-4c41-b1b9-2d711915a938}\ (8 subtraces) (ID = 890604)

8:20 PM: HKCR\clsid\{e225ab73-4d7e-45f7-9425-47d2f7c7a8ab}\ (10 subtraces) (ID = 890613)

8:20 PM: HKCR\typelib\{090712ed-1622-4227-94d3-f573a9c2577f}\ (9 subtraces) (ID = 890624)

8:20 PM: HKLM\software\classes\qlink.qlfilter\ (3 subtraces) (ID = 890661)

8:20 PM: HKLM\software\classes\qlink.qlfilter.1\ (3 subtraces) (ID = 890665)

8:20 PM: HKLM\software\classes\qlink.qlhelper\ (3 subtraces) (ID = 890669)

8:20 PM: HKLM\software\classes\qlink.qlhelper.1\ (3 subtraces) (ID = 890673)

8:20 PM: HKLM\software\classes\clsid\{aa3c0ffe-758e-4c41-b1b9-2d711915a938}\ (8 subtraces) (ID = 890677)

8:20 PM: HKLM\software\classes\clsid\{e225ab73-4d7e-45f7-9425-47d2f7c7a8ab}\ (10 subtraces) (ID = 890686)

8:20 PM: Found Adware: instant access

8:20 PM: HKLM\software\classes\clsid\{e225ab73-4d7e-45f7-9425-47d2f7c7a8ab}\progid\ (1 subtraces) (ID = 890691)

8:20 PM: HKLM\software\classes\typelib\{090712ed-1622-4227-94d3-f573a9c2577f}\ (9 subtraces) (ID = 890697)

8:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (2 subtraces) (ID = 909558)

8:20 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser qlhelper objects\{aa3c0ffe-758e-4c41-b1b9-2d711915a938}\ (ID = 909564)

8:20 PM: Found Adware: targetsaver

8:20 PM: HKU\S-1-5-21-808743801-135449575-3207847200-1007\software\tsl2\ (1 subtraces) (ID = 143616)

8:21 PM: Registry Sweep Complete, Elapsed Time:00:00:46

8:21 PM: Starting Cookie Sweep

8:21 PM: Found Spy Cookie: 2o7.net cookie

8:21 PM: aimee@2o7[2].txt (ID = 1957)

8:21 PM: Found Spy Cookie: 735 cookie

8:21 PM: aimee@735[1].txt (ID = 2009)

8:21 PM: Found Spy Cookie: 888 cookie

8:21 PM: aimee@888[1].txt (ID = 2019)

8:21 PM: Found Spy Cookie: websponsors cookie

8:21 PM: aimee@a.websponsors[1].txt (ID = 3665)

8:21 PM: Found Spy Cookie: yieldmanager cookie

8:21 PM: aimee@ad.yieldmanager[1].txt (ID = 3751)

8:21 PM: Found Spy Cookie: adknowledge cookie

8:21 PM: aimee@adknowledge[2].txt (ID = 2072)

8:21 PM: Found Spy Cookie: hbmediapro cookie

8:21 PM: aimee@adopt.hbmediapro[2].txt (ID = 2768)

8:21 PM: Found Spy Cookie: specificclick.com cookie

8:21 PM: aimee@adopt.specificclick[1].txt (ID = 3400)

8:21 PM: Found Spy Cookie: adprofile cookie

8:21 PM: aimee@adprofile[2].txt (ID = 2084)

8:21 PM: Found Spy Cookie: adrevolver cookie

8:21 PM: aimee@adrevolver[1].txt (ID = 2088)

8:21 PM: aimee@adrevolver[3].txt (ID = 2088)

8:21 PM: Found Spy Cookie: addynamix cookie

8:21 PM: aimee@ads.addynamix[1].txt (ID = 2062)

8:21 PM: Found Spy Cookie: apmebf cookie

8:21 PM: aimee@apmebf[2].txt (ID = 2229)

8:21 PM: Found Spy Cookie: falkag cookie

8:21 PM: aimee@as-us.falkag[2].txt (ID = 2650)

8:21 PM: aimee@as1.falkag[1].txt (ID = 2650)

8:21 PM: Found Spy Cookie: ask cookie

8:21 PM: aimee@ask[1].txt (ID = 2245)

8:21 PM: Found Spy Cookie: belnk cookie

8:21 PM: aimee@ath.belnk[2].txt (ID = 2293)

8:21 PM: Found Spy Cookie: atwola cookie

8:21 PM: aimee@atwola[1].txt (ID = 2255)

8:21 PM: Found Spy Cookie: azjmp cookie

8:21 PM: aimee@azjmp[1].txt (ID = 2270)

8:21 PM: aimee@belnk[1].txt (ID = 2292)

8:21 PM: Found Spy Cookie: bizrate cookie

8:21 PM: aimee@bizrate[2].txt (ID = 2308)

8:21 PM: Found Spy Cookie: bluestreak cookie

8:21 PM: aimee@bluestreak[2].txt (ID = 2314)

8:21 PM: Found Spy Cookie: centrport net cookie

8:21 PM: aimee@centrport[1].txt (ID = 2374)

8:21 PM: aimee@cnn.122.2o7[1].txt (ID = 1958)

8:21 PM: aimee@dist.belnk[2].txt (ID = 2293)

8:21 PM: Found Spy Cookie: ru4 cookie

8:21 PM: aimee@edge.ru4[2].txt (ID = 3269)

8:21 PM: Found Spy Cookie: go.com cookie

8:21 PM: aimee@espn.go[2].txt (ID = 2729)

8:21 PM: Found Spy Cookie: exitexchange cookie

8:21 PM: aimee@exitexchange[1].txt (ID = 2633)

8:21 PM: aimee@games.espn.go[1].txt (ID = 2729)

8:21 PM: aimee@go[2].txt (ID = 2728)

8:21 PM: Found Spy Cookie: starware.com cookie

8:21 PM: aimee@h.starware[2].txt (ID = 3442)

8:21 PM: Found Spy Cookie: clickandtrack cookie

8:21 PM: aimee@hits.clickandtrack[2].txt (ID = 2397)

8:21 PM: Found Spy Cookie: hypertracker.com cookie

8:21 PM: aimee@hypertracker[2].txt (ID = 2817)

8:21 PM: Found Spy Cookie: screensavers.com cookie

8:21 PM: aimee@i.screensavers[2].txt (ID = 3298)

8:21 PM: aimee@insider.espn.go[2].txt (ID = 2729)

8:21 PM: Found Spy Cookie: maxserving cookie

8:21 PM: aimee@maxserving[2].txt (ID = 2966)

8:21 PM: Found Spy Cookie: top-banners cookie

8:21 PM: aimee@media.top-banners[1].txt (ID = 3548)

8:21 PM: Found Spy Cookie: metareward.com cookie

8:21 PM: aimee@metareward[1].txt (ID = 2990)

8:21 PM: aimee@microsoftwga.112.2o7[2].txt (ID = 1958)

8:21 PM: Found Spy Cookie: aptimus cookie

8:21 PM: aimee@network.aptimus[2].txt (ID = 2235)

8:21 PM: Found Spy Cookie: nextag cookie

8:21 PM: aimee@nextag[1].txt (ID = 5014)

8:21 PM: Found Spy Cookie: partypoker cookie

8:21 PM: aimee@partypoker[1].txt (ID = 3111)

8:21 PM: Found Spy Cookie: paypopup cookie

8:21 PM: aimee@paypopup[2].txt (ID = 3119)

8:21 PM: Found Spy Cookie: overture cookie

8:21 PM: aimee@perf.overture[1].txt (ID = 3106)

8:21 PM: Found Spy Cookie: questionmarket cookie

8:21 PM: aimee@questionmarket[1].txt (ID = 3217)

8:21 PM: Found Spy Cookie: realmedia cookie

8:21 PM: aimee@realmedia[2].txt (ID = 3235)

8:21 PM: Found Spy Cookie: rednova cookie

8:21 PM: aimee@rednova[1].txt (ID = 3245)

8:21 PM: Found Spy Cookie: reunion cookie

8:21 PM: aimee@reunion[2].txt (ID = 3255)

8:21 PM: Found Spy Cookie: rn11 cookie

8:21 PM: aimee@rn11[2].txt (ID = 3261)

8:21 PM: aimee@rsi.espn.go[1].txt (ID = 2729)

8:21 PM: Found Spy Cookie: web-stat cookie

8:21 PM: aimee@server3.web-stat[1].txt (ID = 3649)

8:21 PM: Found Spy Cookie: serving-sys cookie

8:21 PM: aimee@serving-sys[1].txt (ID = 3343)

8:21 PM: Found Spy Cookie: dealtime cookie

8:21 PM: aimee@stat.dealtime[2].txt (ID = 2506)

8:21 PM: Found Spy Cookie: reliablestats cookie

8:21 PM: aimee@stats1.reliablestats[2].txt (ID = 3254)

8:21 PM: Found Spy Cookie: trafficmp cookie

8:21 PM: aimee@trafficmp[2].txt (ID = 3581)

8:21 PM: Found Spy Cookie: tribalfusion cookie

8:21 PM: aimee@tribalfusion[1].txt (ID = 3589)

8:21 PM: Found Spy Cookie: epilot cookie

8:21 PM: aimee@vaclick.epilot[1].txt (ID = 2622)

8:21 PM: Found Spy Cookie: burstbeacon cookie

8:21 PM: aimee@www.burstbeacon[1].txt (ID = 2335)

8:21 PM: Found Spy Cookie: myaffiliateprogram.com cookie

8:21 PM: aimee@www.myaffiliateprogram[1].txt (ID = 3032)

8:21 PM: aimee@www.rednova[1].txt (ID = 3246)

8:21 PM: aimee@www.starware[1].txt (ID = 3442)

8:21 PM: Found Spy Cookie: upspiral cookie

8:21 PM: aimee@www.upspiral[1].txt (ID = 3615)

8:21 PM: Found Spy Cookie: winantiviruspro cookie

8:21 PM: aimee@www.winantiviruspro[2].txt (ID = 3690)

8:21 PM: aimee@yieldmanager[2].txt (ID = 3749)

8:21 PM: Found Spy Cookie: adserver cookie

8:21 PM: aimee@z1.adserver[1].txt (ID = 2142)

8:21 PM: Found Spy Cookie: zedo cookie

8:21 PM: aimee@zedo[2].txt (ID = 3762)

8:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04

8:21 PM: Starting File Sweep

8:21 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:21 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:21 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:21 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:21 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:22 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:23 PM: Warning: Failed to read MFT entry 20243

8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:23 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:24 PM: Warning: Failed to read MFT entry 21660

8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:24 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:25 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:28 PM: Warning: Failed to read MFT entry 23737

8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:31 PM: Warning: Failed to read MFT entry 60498

8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:32 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:32 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:32 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:32 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:32 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:32 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:32 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:32 PM: Warning: Failed to read MFT entry 61498

8:32 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:33 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:33 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:33 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:33 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:33 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:33 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:33 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:33 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:33 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:34 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:34 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:34 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:34 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:34 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:34 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:34 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:34 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:35 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:35 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:35 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:35 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:35 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:35 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:35 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:35 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:36 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:36 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:36 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:36 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)

8:36 PM: Warning: Failed to read MFT entry 63575

8:36 PM: c:\program files\quicklinks (1 subtraces) (ID = -2147468660)

8:36 PM: c:\program files\quick links (1 subtraces) (ID = -2147478145)

8:39 PM: qllib.dll (ID = 168233)

8:39 PM: qlutility.exe (ID = 168232)

8:39 PM: Found Adware: ebates money maker

8:39 PM: dx.class (ID = 59604)

8:39 PM: dm.class (ID = 59583)

8:39 PM: Found Adware: hotbar

8:39 PM: d_icons_buttons_1000[1].xip (ID = 62278)

8:39 PM: d_icons_buttons_2000[1].xip (ID = 62280)

8:39 PM: d_icons_buttons_3000[1].xip (ID = 62282)

8:39 PM: tsd_bg[1].xip (ID = 62383)

8:39 PM: s_icons_buttons[1].xip (ID = 62379)

8:39 PM: keywords_sdf[1].xip (ID = 62359)

8:39 PM: keywords_idx[1].xip (ID = 62357)

8:43 PM: d_icons_buttons_bbar3[1].xip (ID = 62290)

8:44 PM: topmoxie_conflicts2.htm (ID = 59712)

8:44 PM: topmoxie_proxy.htm (ID = 59713)

8:44 PM: Found Adware: dealhelper

8:44 PM: lreqjau3.xml (ID = 57652)

8:46 PM: Warning: Failed to read file "c:\windows\$ntservicepackuninstall$\ntdetect.com". Data error (cyclic redundancy check)

8:48 PM: class-barrel (ID = 78229)

8:48 PM: vocabulary (ID = 78283)

8:50 PM: Found Adware: apropos

8:50 PM: exec.exe (ID = 50118)

8:52 PM: lreqjak2.xml (ID = 57648)

8:53 PM: wingenerics.dll (ID = 50187)

8:56 PM: lreqjau1.xml (ID = 57650)

8:56 PM: lreqjau.xml (ID = 57649)

8:56 PM: ct.class (ID = 59541)

8:56 PM: bp.class (ID = 59477)

8:56 PM: db.class (ID = 59560)

8:56 PM: Found Adware: limeshop

8:56 PM: dv.class (ID = 65515)

8:56 PM: cd.class (ID = 59508)

8:56 PM: c.class (ID = 65482)

8:56 PM: di.class (ID = 59572)

8:56 PM: n.class (ID = 59688)

8:56 PM: cz.class (ID = 59552)

8:56 PM: be.class (ID = 59456)

8:56 PM: ce.class (ID = 59509)

8:56 PM: ds.class (ID = 65512)

8:56 PM: df.class (ID = 59566)

8:56 PM: cp.class (ID = 65496)

8:56 PM: y.class (ID = 59732)

8:56 PM: cr.class (ID = 59536)

8:56 PM: by.class (ID = 65480)

8:56 PM: dd.class (ID = 65504)

8:56 PM: dt.class (ID = 65513)

8:56 PM: b.class (ID = 59447)

8:56 PM: f.class (ID = 59661)

8:56 PM: dn.class (ID = 59585)

8:56 PM: d.class (ID = 59554)

8:56 PM: dp.class (ID = 59587)

8:56 PM: bf.class (ID = 59458)

8:56 PM: ca.class (ID = 65483)

8:56 PM: bw.class (ID = 65478)

8:56 PM: dr.class (ID = 65511)

8:56 PM: cc.class (ID = 65485)

8:57 PM: ck.class (ID = 65491)

8:57 PM: bm.class (ID = 65473)

8:57 PM: ed.class (ID = 65520)

8:57 PM: dy.class (ID = 59606)

8:57 PM: bc.class (ID = 65467)

8:57 PM: dz.class (ID = 59607)

8:57 PM: bo.class (ID = 59476)

8:57 PM: dq.class (ID = 65510)

8:57 PM: cj.class (ID = 65490)

8:57 PM: cn.class (ID = 65494)

8:57 PM: bt.class (ID = 65475)

8:57 PM: dl.class (ID = 65509)

8:57 PM: bz.class (ID = 65481)

8:57 PM: ch.class (ID = 65488)

8:57 PM: bu.class (ID = 65476)

8:57 PM: da.class (ID = 65502)

8:57 PM: bi.class (ID = 65470)

8:57 PM: bl.class (ID = 65472)

8:57 PM: dg.class (ID = 65505)

8:57 PM: cx.class (ID = 65500)

8:57 PM: cv.class (ID = 65498)

8:57 PM: dj.class (ID = 65507)

8:57 PM: cl.class (ID = 65492)

8:57 PM: cb.class (ID = 65484)

8:57 PM: cu.class (ID = 65497)

8:57 PM: cf.class (ID = 65486)

8:57 PM: bg.class (ID = 65469)

8:57 PM: l.class (ID = 59674)

8:57 PM: system.dls (ID = 59702)

8:57 PM: loader.dls (ID = 65535)

8:57 PM: cs.class (ID = 59538)

8:57 PM: bn.class (ID = 59474)

8:57 PM: bk.class (ID = 59467)

8:57 PM: bb.class (ID = 59450)

8:57 PM: h.class (ID = 59664)

8:57 PM: bh.class (ID = 59462)

8:57 PM: ea.class (ID = 65517)

8:57 PM: br.class (ID = 59481)

8:57 PM: browsers.dls (ID = 59483)

8:57 PM: shopping.dls (ID = 65540)

8:57 PM: w.class (ID = 59719)

8:57 PM: de.class (ID = 59565)

8:57 PM: personality.dls (ID = 65538)

8:57 PM: lreqjak.xml (ID = 57646)

8:59 PM: cq.class (ID = 59535)

8:59 PM: bx.class (ID = 65479)

8:59 PM: dw.class (ID = 59602)

8:59 PM: r.class (ID = 59695)

9:01 PM: lreqjak1.xml (ID = 57647)

9:05 PM: lreqjau2.xml (ID = 57651)

9:08 PM: newlreqjatime.xml (ID = 163168)

9:08 PM: lreqjadk.xml (ID = 57645)

9:08 PM: d_icons_buttons_logos[1].xip (ID = 62284)

9:08 PM: linkpathlegal[1].xip (ID = 62363)

9:08 PM: d_icons_buttons_other[1].xip (ID = 62284)

9:08 PM: progress[1].xip (ID = 62368)

9:08 PM: d_icons_buttons_bar[1].xip (ID = 62284)

9:08 PM: progress[1].xip (ID = 62368)

9:08 PM: business_promo[1].xip (ID = 121856)

9:08 PM: progress[1].xip (ID = 62368)

9:08 PM: business_promo[2].xip (ID = 121856)

9:08 PM: hotbar_promo[1].xip (ID = 62351)

9:08 PM: eb.class (ID = 65518)

9:08 PM: q.class (ID = 59693)

9:08 PM: e.class (ID = 65516)

9:08 PM: g.class (ID = 65521)

9:08 PM: ec.class (ID = 65519)

9:08 PM: i.class (ID = 59665)

9:08 PM: k.class (ID = 65522)

9:08 PM: s.class (ID = 59698)

9:08 PM: a.class (ID = 59443)

9:08 PM: m.class (ID = 59679)

9:08 PM: j.class (ID = 59670)

9:08 PM: p.class (ID = 59689)

9:08 PM: v.class (ID = 59718)

9:08 PM: x.class (ID = 65545)

9:08 PM: ba.class (ID = 65466)

9:08 PM: bd.class (ID = 65468)

9:08 PM: bj.class (ID = 65471)

9:08 PM: bq.class (ID = 59480)

9:08 PM: bs.class (ID = 65474)

9:08 PM: bv.class (ID = 65477)

9:08 PM: t.class (ID = 59708)

9:08 PM: cg.class (ID = 65487)

9:08 PM: ci.class (ID = 65489)

9:08 PM: cm.class (ID = 65493)

9:08 PM: co.class (ID = 65495)

9:08 PM: cw.class (ID = 65499)

9:08 PM: cy.class (ID = 65501)

9:08 PM: dc.class (ID = 59561)

9:08 PM: u.class (ID = 59715)

9:08 PM: dh.class (ID = 65506)

9:08 PM: dk.class (ID = 65508)

9:08 PM: du.class (ID = 59596)

9:08 PM: Found System Monitor: potentially rootkit-masked files

9:08 PM: 139dpipe.sys (ID = 0)

9:08 PM: psbsmans.exe (ID = 0)

9:08 PM: 00006784_4352c460_0007a120 (ID = 0)

9:08 PM: 00003d6c_4352c461_00040d99 (ID = 0)

9:08 PM: 00004823_4352c454_0005b8d8 (ID = 0)

9:08 PM: index (ID = 0)

9:08 PM: dns (ID = 0)

9:08 PM: mcdpgt34.exe (ID = 0)

9:08 PM: ace.dll (ID = 0)

9:08 PM: data.bin (ID = 0)

9:08 PM: ctwcdrtc.exe (ID = 0)

9:08 PM: content_action.gif (ID = 0)

9:09 PM: ai_17-10-2005.log (ID = 0)

9:09 PM: ai_16-10-2005.log (ID = 0)

9:09 PM: ai_20-10-2005.log (ID = 0)

9:09 PM: 00000029_4352c3f8_00090f56 (ID = 0)

9:09 PM: 000018be_4352c45c_0008d24d (ID = 0)

9:09 PM: 00004ae1_4352c460_000c28cb (ID = 0)

9:09 PM: ai_18-10-2005.log (ID = 0)

9:09 PM: ai_19-10-2005.log (ID = 0)

9:14 PM: File Sweep Complete, Elapsed Time: 00:52:44

9:14 PM: Full Sweep has completed. Elapsed time 00:57:26

9:14 PM: Traces Found: 394

9:18 PM: Removal process initiated

9:19 PM: Quarantining All Traces: potentially rootkit-masked files

9:20 PM: potentially rootkit-masked files is in use. It will be removed on reboot.

9:20 PM: 139dpipe.sys is in use. It will be removed on reboot.

9:20 PM: psbsmans.exe is in use. It will be removed on reboot.

9:20 PM: 00006784_4352c460_0007a120 is in use. It will be removed on reboot.

9:20 PM: 00003d6c_4352c461_00040d99 is in use. It will be removed on reboot.

9:20 PM: 00004823_4352c454_0005b8d8 is in use. It will be removed on reboot.

9:20 PM: index is in use. It will be removed on reboot.

9:20 PM: dns is in use. It will be removed on reboot.

9:20 PM: mcdpgt34.exe is in use. It will be removed on reboot.

9:20 PM: ace.dll is in use. It will be removed on reboot.

9:20 PM: data.bin is in use. It will be removed on reboot.

9:20 PM: ctwcdrtc.exe is in use. It will be removed on reboot.

9:20 PM: content_action.gif is in use. It will be removed on reboot.

9:20 PM: ai_17-10-2005.log is in use. It will be removed on reboot.

9:20 PM: ai_16-10-2005.log is in use. It will be removed on reboot.

9:20 PM: ai_20-10-2005.log is in use. It will be removed on reboot.

9:20 PM: 00000029_4352c3f8_00090f56 is in use. It will be removed on reboot.

9:20 PM: 000018be_4352c45c_0008d24d is in use. It will be removed on reboot.

9:20 PM: 00004ae1_4352c460_000c28cb is in use. It will be removed on reboot.

9:20 PM: ai_18-10-2005.log is in use. It will be removed on reboot.

9:20 PM: ai_19-10-2005.log is in use. It will be removed on reboot.

9:20 PM: Quarantining All Traces: sc-keylog

9:20 PM: Quarantining All Traces: apropos

9:20 PM: apropos is in use. It will be removed on reboot.

9:20 PM: wingenerics.dll is in use. It will be removed on reboot.

9:20 PM: Quarantining All Traces: azsearch toolbar

9:20 PM: Quarantining All Traces: blazefind

9:20 PM: Quarantining All Traces: dealhelper

9:20 PM: Quarantining All Traces: ebates money maker

9:20 PM: Quarantining All Traces: hotbar

9:20 PM: Quarantining All Traces: icannnews

9:21 PM: icannnews is in use. It will be removed on reboot.

9:21 PM: C:\WINDOWS\SYSTEM32\mndxmlc.dll is in use. It will be removed on reboot.

9:21 PM: C:\WINDOWS\SYSTEM32\u4rule991h.dll is in use. It will be removed on reboot.

9:21 PM: Quarantining All Traces: instant access

9:21 PM: Quarantining All Traces: limeshop

9:21 PM: Quarantining All Traces: quicklink search toolbar

9:21 PM: Quarantining All Traces: targetsaver

9:21 PM: Quarantining All Traces: 2o7.net cookie

9:21 PM: Quarantining All Traces: 735 cookie

9:21 PM: Quarantining All Traces: 888 cookie

9:21 PM: Quarantining All Traces: addynamix cookie

9:21 PM: Quarantining All Traces: adknowledge cookie

9:21 PM: Quarantining All Traces: adprofile cookie

9:21 PM: Quarantining All Traces: adrevolver cookie

9:21 PM: Quarantining All Traces: adserver cookie

9:21 PM: Quarantining All Traces: apmebf cookie

9:21 PM: Quarantining All Traces: aptimus cookie

9:21 PM: Quarantining All Traces: ask cookie

9:21 PM: Quarantining All Traces: atwola cookie

9:21 PM: Quarantining All Traces: azjmp cookie

9:21 PM: Quarantining All Traces: belnk cookie

9:21 PM: Quarantining All Traces: bizrate cookie

9:21 PM: Quarantining All Traces: bluestreak cookie

9:21 PM: Quarantining All Traces: burstbeacon cookie

9:21 PM: Quarantining All Traces: centrport net cookie

9:21 PM: Quarantining All Traces: clickandtrack cookie

9:21 PM: Quarantining All Traces: dealtime cookie

9:21 PM: Quarantining All Traces: epilot cookie

9:21 PM: Quarantining All Traces: exitexchange cookie

9:21 PM: Quarantining All Traces: falkag cookie

9:21 PM: Quarantining All Traces: go.com cookie

9:21 PM: Quarantining All Traces: hbmediapro cookie

9:21 PM: Quarantining All Traces: hypertracker.com cookie

9:21 PM: Quarantining All Traces: maxserving cookie

9:21 PM: Quarantining All Traces: metareward.com cookie

9:21 PM: Quarantining All Traces: myaffiliateprogram.com cookie

9:21 PM: Quarantining All Traces: nextag cookie

9:21 PM: Quarantining All Traces: overture cookie

9:21 PM: Quarantining All Traces: partypoker cookie

9:21 PM: Quarantining All Traces: paypopup cookie

9:21 PM: Quarantining All Traces: questionmarket cookie

9:21 PM: Quarantining All Traces: realmedia cookie

9:21 PM: Quarantining All Traces: rednova cookie

9:21 PM: Quarantining All Traces: reliablestats cookie

9:21 PM: Quarantining All Traces: reunion cookie

9:21 PM: Quarantining All Traces: rn11 cookie

9:21 PM: Quarantining All Traces: ru4 cookie

9:21 PM: Quarantining All Traces: screensavers.com cookie

9:21 PM: Quarantining All Traces: serving-sys cookie

9:21 PM: Quarantining All Traces: specificclick.com cookie

9:21 PM: Quarantining All Traces: starware.com cookie

9:21 PM: Quarantining All Traces: top-banners cookie

9:21 PM: Quarantining All Traces: trafficmp cookie

9:21 PM: Quarantining All Traces: tribalfusion cookie

9:21 PM: Quarantining All Traces: upspiral cookie

9:21 PM: Quarantining All Traces: websponsors cookie

9:21 PM: Quarantining All Traces: web-stat cookie

9:21 PM: Quarantining All Traces: winantiviruspro cookie

9:21 PM: Quarantining All Traces: yieldmanager cookie

9:21 PM: Quarantining All Traces: zedo cookie

9:21 PM: Preparing to restart your computer. Please wait...

9:21 PM: Removal process completed. Elapsed time 00:03:24

********

8:14 PM: | Start of Session, Thursday, October 20, 2005 |

8:14 PM: Spy Sweeper started

8:15 PM: Your spyware definitions have been updated.

8:16 PM: | End of Session, Thursday, October 20, 2005 |

Share this post


Link to post
Share on other sites

Fantastic! :D Can I see one more new HJT log to make sure it didn't come back? This one is very persistent. Are you still having any further symptoms?

Share this post


Link to post
Share on other sites

EDIT: I'm having no further symptoms. The popups are all gone and there's no other strange behavior.

 

Thank you so much for your help. It's great what you all do here. I think I'm going to go make a donation (once I get my wife's approval of course) :D

 

Here's one more hijackthis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:28:34 PM, on 10/20/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\System32\devldr32.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\RunDLL32.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ntvdm.exe

C:\hijackthis\HijackThis.exe

 

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm

O9 - Extra button: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll

O9 - Extra 'Tools' menuitem: LIVEview - {40225365-9FBD-42d1-93E9-E7A60DC3ECA8} - C:\Program Files\Coremetrics\LIVEview\\LIVEview.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129496262560

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37370.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab

O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://walgreensphoto.digitalcameradevelop...ploadClient.cab

O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://prints.picturecenter.kodak.com/acti...loadControl.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWltZWUA\command.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Edited by Diomed

Share this post


Link to post
Share on other sites

Thanks for your generosity :) Glad to help.

 

Everything looks great --- your HijackThis log is completely clean. :)

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at SWI are to help you, for your sake we would rather not have repeat customers. :p

 

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. Your current versions are VERY outdated. I cannot stress enough how important this is.

 

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

 

Ad-Aware SE

A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

 

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

 

SpywareBlaster

A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

 

SpywareGuard

A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

 

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

 

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:

http://www.mozilla.org/products/firefox/

 

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

 

Please also read Tony Klein's excellent article: How I got Infected in the First Place

 

Hopefully this should take care of your problems! Good luck. :D

Share this post


Link to post
Share on other sites

No problem. :) I'll leave this thread open for a few days so you don't have any trouble finding it, and then I'll close it and move it to the Resolved forum.

Share this post


Link to post
Share on other sites

Since the issue appears to be resolved this Topic is closed.

 

If you need this topic reopened, please request this by sending the moderating team

an email with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0