x.bat trouble


  • This topic is locked
  • 36 replies to this topic

#1 giants06 (New Member, Authentic Member, 19 posts)

Posted 28 February 2006 - 09:33 AM

Hello. I have been attacked by something. Each time I connect to the internet, I get an error message saying "windows cannot find x.bat..... ". A moment later my McAfee antivirus reports that it has deleted a virus-infected file, C:\windows\system32\kansup.reg. However, it must not have deleted it, because it says the same thing the next time. I have scanned with McAfee a number of times, and also with Ad-Aware 6.0 and McAfee Stinger, with no success. What do you think? Thanks

#2 giants06 (New Member, Authentic Member, 19 posts)

Posted 07 March 2006 - 10:52 AM

http://forums.tomcoy...st&f=27&t=59092

#3 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 08 March 2006 - 10:30 AM

Hello giants06, Welcome to the Forum.

There's a new version of HijackThis.

Please delete any HijackThis Folders and Files you have now.


Please download this self extracting file to your My Downloads folder or My Received Files (dependent on your Operating System):

Click the "Save" button.

Navigate to My Documents > choose the My Downloads or My Received Files folder. Once inside that folder, click "Save".

Now go to the folder you saved HijackThis_sfx.exe in.

Double-click HijackThis_sfx.exe and select Unzip. When done, click "OK".
Close the WinZip Self-Extractor window.

Open HijackThis and select: Do a system scan and save a log file.

When the scan is finished, Click Edit> Select All> Edit> Copy> and paste its contents here [Add Reply].

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#4 giants06 (New Member, Authentic Member, 19 posts)

Posted 14 March 2006 - 11:46 AM

Logfile of HijackThis v1.99.1
Scan saved at 9:33:15 AM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\1102092806\ee\AOLSoftware.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\AOLSPYWARECLEANER.EXE
C:\mousepad2.exe
C:\WINDOWS\kjxlfdtA.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\qsdsregk.exe
C:\WINDOWS\system32\twintrag.exe
C:\windows\rlvknlg.exe
C:\WINDOWS\ms04555034095.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\kjxlfdt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.ramgo.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsmedia....A//www.wbul.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E686FD8-1E65-85A1-6A80-E2EA74E3673C} - C:\WINDOWS\Aedutrgm.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102092806\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [AOLSPYWAREREMOVER] AOLSPYWARECLEANER.EXE
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [kjxlfdtA] C:\WINDOWS\kjxlfdtA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [{95-52-22-2F-ZN}] C:\windows\system32\qsdsregk.exe CORN001
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\twintrag.exe CORN001
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\rlvknlg.exe -boot
O4 - HKLM\..\Run: [ms04555034095] C:\WINDOWS\ms04555034095.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [AOLSPYWAREREMOVER] AOLSPYWARECLEANER.EXE
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twintrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\uzwtxta.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.0.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.gsu.ed...sCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F930E10D-80B7-4C3A-8484-D7E87FD4750C}: NameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: repairs303169545.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\kjxlfdt.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#5 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 14 March 2006 - 04:02 PM

This is what I suggest you do.


Please do not delete anything unless instructed to.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06. All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs > Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing RED entries, BLACK entries and GREEN entries in the window
Put a check mark beside the RED entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Next:

Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Also please describe how your computer behaves at the moment.


 


#6 giants06 (New Member, Authentic Member, 19 posts)

Posted 15 March 2006 - 08:42 PM

Thank you for your help. I have posted two reports from Ewido and a new HijackThis below. The Ewido reports may not be what you want. The "save report" tab was grayed out after the scan. I got these from "analysis". The scan said it had found 186 infected files. It apparently wasn't interested in cleaning them. Spybot found nothing. Ad-Aware found 330 infected objects and claimed it had removed them. The computer problems had progressed to where I was getting numerous popups filling the screen about every five minutes. This has been replaced by the "ewido guard" reporting infected files numerous times. I suppose that's an improvement. Well, sort of. Is there any point to hitting the clean button each time it reports, or should I just shove it off to the side? Also, should I restore that hidden files stuff you had me do back to default settings? Anyways.... this sure is fun... let's try something else.

---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 5:41:23 PM, 3/15/2006
+ Report-Checksum: 2D0D551F

0: System Process
4: System Process
128: \SystemRoot\System32\smss.exe
176: \??\C:\WINDOWS\system32\csrss.exe
200: \??\C:\WINDOWS\system32\winlogon.exe
248: C:\WINDOWS\system32\services.exe
260: C:\WINDOWS\system32\lsass.exe
412: C:\WINDOWS\system32\svchost.exe
480: C:\WINDOWS\system32\svchost.exe
544: C:\WINDOWS\system32\svchost.exe
752: C:\WINDOWS\Explorer.EXE

---------------------------------------------------------
ewido anti-malware - Startup report
---------------------------------------------------------

+ Created on: 5:37:11 PM, 3/15/2006
+ Report-Checksum: 86AAF895

Reg\HKLM\Run MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
Reg\HKCU\Run MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Reg\HKCU\Run AOLCC "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
Reg\HKCU\Run DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
Reg\HKCU\Run CU1 C:\Program Files\Common Files\VCClient\VCClient.exe
Reg\HKLM\Run HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
Reg\HKLM\Run BCMSMMSG BCMSMMSG.exe
Reg\HKLM\Run dla C:\WINDOWS\system32\dla\tfswctrl.exe
Reg\HKLM\Run MMTray "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
Reg\HKLM\Run YBrowser C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
Reg\HKLM\Run tgcmdprovidersbc "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
Reg\HKLM\Run Dell AIO Printer A940 "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
Reg\HKLM\Run UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Reg\HKLM\Run AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Reg\HKCU\Run CU2 C:\Program Files\Common Files\VCClient\VCMain.exe
Reg\HKLM\Run Pure Networks Port Magic "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
Reg\HKLM\Run Motive SmartBridge C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
Reg\HKLM\Run BJCFD C:\Program Files\BroadJump\Client Foundation\CFD.exe
Reg\HKLM\Run HostManager C:\Program Files\Common Files\AOL\1102092806\ee\AOLSoftware.exe
Reg\HKLM\Run MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
Reg\HKCU\Run SurfSideKick 3 C:\Program Files\SurfSideKick 3\Ssk.exe
Reg\HKLM\Run DIGStream C:\Program Files\DIGStream\digstream.exe
Reg\HKLM\Run TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Reg\HKLM\Run YOP C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
Reg\HKLM\Run MimBoot C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
Reg\HKLM\Run CaAvTray "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
Reg\HKLM\Run CAVRID "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
Reg\HKLM\Run keyboard C:\\keyboard2.exe
Reg\HKLM\Run New.net Startup rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
Reg\HKLM\Run SurfSideKick 3 C:\Program Files\SurfSideKick 3\Ssk.exe
Reg\HKLM\Run newname C:\\newname2.exe
Reg\HKLM\Run BrowserUpdateSched C:\WINDOWS\system32\twinprag.exe CORN001
Reg\HKCU\Run Sonic RecordNow!
Reg\HKCU\Run Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Reg\HKLM\Run IgfxTray C:\WINDOWS\system32\igfxtray.exe
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Shell\CommonStartup SBC Self Support Tool.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
Shell\UserStartup Zeno.lnk C:\Documents and Settings\david smith\Start Menu\Programs\Startup\Zeno.lnk
Shell\UserStartup Z_Start.lnk C:\Documents and Settings\david smith\Start Menu\Programs\Startup\Z_Start.lnk
Shell\CommonStartup Adobe Reader Speed Launch.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

964: C:\Program Files\ewido anti-malware\SecuritySuite.exe

Logfile of HijackThis v1.99.1
Scan saved at 5:55:35 PM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\1102092806\ee\AOLSoftware.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\twinprag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.ramgo.com/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsmedia....A//www.wbul.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E686FD8-1E65-85A1-6A80-E2EA74E3673C} - C:\WINDOWS\Aedutrgm.dll (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102092806\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\twinprag.exe CORN001
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twinprag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\qsdsregk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\uzwtxta.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.0.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.gsu.ed...sCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O20 - AppInit_DLLs: repairs303169545.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\kjxlfdt.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 15 March 2006 - 08:48 PM

Also, should I restore that hidden files stuff you had me do back to default settings?

Not yet. I need to see them so we can kill them.

One more program to run before we start the manual cleaning. I hope you're not in a hurry.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#8 giants06

giants06

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 15 March 2006 - 11:21 PM

I did not save the log from spy sweeper. It asked me to reboot and I did. I should have waited to reboot until after I retrieved the log I suppose. It found about 160 or so items and was supposed to have removed them. The Ewido guard is still screaming at me though. HJT below.
-----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:05:05 PM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\1102092806\ee\AOLSoftware.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.ramgo.com/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsmedia....A//www.wbul.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E686FD8-1E65-85A1-6A80-E2EA74E3673C} - C:\WINDOWS\Aedutrgm.dll (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102092806\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.0.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.gsu.ed...sCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F930E10D-80B7-4C3A-8484-D7E87FD4750C}: NameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: repairs303169545.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#9 giants06

giants06

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 16 March 2006 - 01:50 AM

OK-- now I see I could go back and get the spy sweeper log-- here it is******** 7:32 PM: | Start of Session, Wednesday, March 15, 2006 | 7:32 PM: Spy Sweeper started 7:32 PM: Sweep initiated using definitions version 634 7:32 PM: Found Adware: surfsidekick 7:32 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055336) 7:32 PM: Ssk.exe (ID = 1055336) 7:32 PM: HKU\S-1-5-21-295333786-663350222-1581928069-1007\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335) 7:32 PM: Ssk.exe (ID = 1055335) 7:32 PM: Starting Memory Sweep 7:32 PM: The Spy Communication shield has blocked access to: dl.surfsidekick.com 7:32 PM: The Spy Communication shield has blocked access to: dl.surfsidekick.com 7:41 PM: Memory Sweep Complete, Elapsed Time: 00:08:41 7:41 PM: Starting Registry Sweep 7:41 PM: Found Adware: coolwebsearch (cws) 7:41 PM: HKLM\software\microsoft\code store database\distribution units\{10000000-1000-0000-1000-000000000000}\ (7 subtraces) (ID = 109814) 7:41 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389) 7:41 PM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392) 7:41 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400) 7:41 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406) 7:41 PM: HKLM\software\microsoft\windows\currentversion\uninstall\surf sidekick\ (2 subtraces) (ID = 143408) 7:41 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413) 7:41 PM: Found Adware: zenosearchassistant 7:41 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\zeno search assistant\ (2 subtraces) (ID = 147930) 7:41 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\enhanced ads by zeno\ (2 subtraces) (ID = 147931) 7:41 PM: HKLM\software\microsoft\windows\currentversion\uninstall\enhanced ads by zeno\ (2 
subtraces) (ID = 147934) 7:41 PM: HKLM\software\microsoft\windows\currentversion\uninstall\zeno search assistant\ (2 subtraces) (ID = 147935) 7:41 PM: Found Adware: visfx 7:41 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951) 7:41 PM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954) 7:41 PM: HKLM\software\microsoft\windows nt\currentversion\windows\ || appinit_dlls (ID = 819064) 7:41 PM: Found Adware: enbrowser 7:41 PM: HKLM\software\system\sysold\ (2 subtraces) (ID = 926808) 7:41 PM: Found Adware: mirar webband 7:41 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1\ (5 subtraces) (ID = 1055242) 7:41 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\ (3 subtraces) (ID = 1055248) 7:41 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (1 subtraces) (ID = 1055250) 7:41 PM: HKCR\clsid\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}\ (11 subtraces) (ID = 1055256) 7:41 PM: HKCR\typelib\{34568171-e2ca-4fcd-a99f-43771f766b8a}\ (9 subtraces) (ID = 1055268) 7:41 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1\ (5 subtraces) (ID = 1055285) 7:41 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\ (3 subtraces) (ID = 1055291) 7:41 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (1 subtraces) (ID = 1055293) 7:41 PM: HKLM\software\classes\clsid\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}\ (11 subtraces) (ID = 1055311) 7:41 PM: HKLM\software\classes\typelib\{34568171-e2ca-4fcd-a99f-43771f766b8a}\ (9 subtraces) (ID = 1055323) 7:41 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\winats.dll (ID = 1055333) 7:41 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/winats.dll\ (2 subtraces) (ID = 1066860) 7:41 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1075246) 7:41 PM: Found Adware: elitemediagroup-pop64 7:41 PM: HKLM\software\microsoft\code store database\distribution 
units\{9ac54695-69a4-46f1-be10-10c74f9520d5}\ (7 subtraces) (ID = 1122691) 7:41 PM: Found Adware: marketscore 7:41 PM: HKCR\clsid\{cd1b7795-13bc-4a12-bf42-a52748971aa2}\ (20 subtraces) (ID = 1144173) 7:41 PM: HKCR\typelib\{fe844296-3c38-4b78-a272-87557622c953}\ (9 subtraces) (ID = 1144194) 7:41 PM: HKLM\software\classes\clsid\{cd1b7795-13bc-4a12-bf42-a52748971aa2}\ (20 subtraces) (ID = 1144222) 7:41 PM: HKLM\software\classes\typelib\{fe844296-3c38-4b78-a272-87557622c953}\ (9 subtraces) (ID = 1144226) 7:41 PM: HKCR\iceclientatl.surveyclientctl\ (5 subtraces) (ID = 1149340) 7:41 PM: HKCR\iceclientatl.surveyclientctl.1\ (3 subtraces) (ID = 1149346) 7:41 PM: HKLM\software\classes\iceclientatl.surveyclientctl\ (5 subtraces) (ID = 1149354) 7:41 PM: HKLM\software\classes\iceclientatl.surveyclientctl.1\ (3 subtraces) (ID = 1149360) 7:42 PM: HKU\S-1-5-21-295333786-663350222-1581928069-1007\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397) 7:42 PM: HKU\S-1-5-21-295333786-663350222-1581928069-1007\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403) 7:42 PM: HKU\S-1-5-21-295333786-663350222-1581928069-1007\software\surfsidekick3\ (3 subtraces) (ID = 143412) 7:42 PM: Found Adware: findthewebsiteyouneed hijack 7:42 PM: HKU\S-1-5-21-295333786-663350222-1581928069-1007\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437) 7:42 PM: HKU\S-1-5-21-295333786-663350222-1581928069-1007\software\system\sysuid\ (1 subtraces) (ID = 731748) 7:42 PM: HKU\S-1-5-21-295333786-663350222-1581928069-1007\software\microsoft\windows\currentversion\run\ || cu1 (ID = 1140965) 7:42 PM: HKU\S-1-5-21-295333786-663350222-1581928069-1007\software\microsoft\windows\currentversion\run\ || cu2 (ID = 1140966) 7:42 PM: Registry Sweep Complete, Elapsed Time:00:00:46 7:42 PM: Starting Cookie Sweep 7:42 PM: Found Spy Cookie: 2o7.net cookie 7:42 PM: david smith@112.2o7[1].txt 
(ID = 1958) 7:42 PM: Found Spy Cookie: 216.221.138 cookie 7:42 PM: david smith@216.221.138[2].txt (ID = 1947) 7:42 PM: david smith@2o7[2].txt (ID = 1957) 7:42 PM: Found Spy Cookie: 64.62.232 cookie 7:42 PM: david smith@64.62.232[1].txt (ID = 1987) 7:42 PM: david smith@64.62.232[2].txt (ID = 1987) 7:42 PM: david smith@64.62.232[3].txt (ID = 1987) 7:42 PM: Found Spy Cookie: 80503492 cookie 7:42 PM: david smith@80503492[1].txt (ID = 2013) 7:42 PM: Found Spy Cookie: 888 cookie 7:42 PM: david smith@888[2].txt (ID = 2019) 7:42 PM: Found Spy Cookie: websponsors cookie 7:42 PM: david smith@a.websponsors[2].txt (ID = 3665) 7:42 PM: Found Spy Cookie: go.com cookie 7:42 PM: david smith@abc.go[2].txt (ID = 2729) 7:42 PM: david smith@abclocal.go[1].txt (ID = 2729) 7:42 PM: david smith@abcnews.go[1].txt (ID = 2729) 7:42 PM: Found Spy Cookie: about cookie 7:42 PM: david smith@about[1].txt (ID = 2037) 7:42 PM: Found Spy Cookie: reunion cookie 7:42 PM: david smith@ad.reunion[1].txt (ID = 3256) 7:42 PM: Found Spy Cookie: yieldmanager cookie 7:42 PM: david smith@ad.yieldmanager[2].txt (ID = 3751) 7:42 PM: david smith@adam.about[1].txt (ID = 2038) 7:42 PM: Found Spy Cookie: adecn cookie 7:42 PM: david smith@adecn[2].txt (ID = 2063) 7:42 PM: Found Spy Cookie: adknowledge cookie 7:42 PM: david smith@adknowledge[2].txt (ID = 2072) 7:42 PM: Found Spy Cookie: hbmediapro cookie 7:42 PM: david smith@adopt.hbmediapro[1].txt (ID = 2768) 7:42 PM: Found Spy Cookie: hotbar cookie 7:42 PM: david smith@adopt.hotbar[2].txt (ID = 4207) 7:42 PM: Found Spy Cookie: specificclick.com cookie 7:42 PM: david smith@adopt.specificclick[1].txt (ID = 3400) 7:42 PM: Found Spy Cookie: adrevolver cookie 7:42 PM: david smith@adrevolver[2].txt (ID = 2088) 7:42 PM: david smith@adrevolver[3].txt (ID = 2088) 7:42 PM: Found Spy Cookie: belointeractive cookie 7:42 PM: david smith@ads.belointeractive[1].txt (ID = 2295) 7:42 PM: Found Spy Cookie: ads.businessweek cookie 7:42 PM: david smith@ads.businessweek[1].txt (ID = 

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 16 March 2006 - 03:57 PM

Are you still using AOL?

You need to disable SpySweeper as it may interfere with the fix:

Open it, click >Options over to the left, then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".



1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
NewDotNet


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.ramgo.com/search.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsmedia....A//www.wbul.com

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {3E686FD8-1E65-85A1-6A80-E2EA74E3673C} - C:\WINDOWS\Aedutrgm.dll (file missing)

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [newname] C:\\newname2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O15 - Trusted Zone: http://click.getmirar.com (HKLM)

O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nu.../FIX/WinATS.cab

O20 - AppInit_DLLs: repairs303169545.dll


Close ALL windows and browsers except HijackThis and click "Fix checked"



delete these folders if listed:
C:\PROGRAM Files\NEWDOTNet


delete these files if listed:
repairs303169545.dll
C:\\keyboard2.exe
C:\\newname2.exe


Open C:\Windows\Prefetch\ Delete ALL files in this folder.



Do this also if these Temp Folders are part of your OS.

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.


Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 



#11 giants06

giants06

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 16 March 2006 - 08:26 PM

I have looked at your next instructions. I am confused by this instruction--- Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Do you mean delete the temp folder under local settings in each folder in documents and settings? There are six folders. all users, david smith, default user, localservice, networkservice, and owner. Also, is there a way to print your instructions without cutting off the ends of sentences and having to print the whole thread? OK, maybe I revealed my great lack of knowledge with that question.

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 16 March 2006 - 08:38 PM

Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Do you mean delete the temp folder under local settings in each folder in documents and settings? There are six folders. all users, david smith, default user, localservice, networkservice, and owner

Skip that part, I'll give you an easier way in my next post.

Also, is there a way to print your instructions without cutting off the ends of sentences and having to print the whole thread?

I would think you could highlight with the mouse what you want to print and select print. Then select, print Selection.

Take the mouse and click on the first word, hold the button down and drag the mouse over what you want to print to highlight.


 


#13 giants06

giants06

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 17 March 2006 - 05:13 PM

Yes I am still using AOL. I still have an email address I use over there and all their stuff is installed on the computer. As you can see O20 - AppInit_DLLs: repairs303169545.dll is still on the log. An error message pops up. An unexpected error has occurred at procedure: modBackup_makeBackup(sItem=O20-appinit_dlls: repairs 303169545.dll Error #5- Invalid procedure call or argument. I found repairs303169545.dll in the system32 folder. I can't delete it. It says cannot delete repa......... it is being used by another person or program. I thought Ewido might be interfering so I made it inactive-- rebooted and tried again. Still no luck. Ewido constantly reports: repairs 303..... C:\windows\system32 adware.Surfside. Also I've deleted the items in the prefetch folder a few times but each time I look in it some more stuff has snuck in there. I skipped the one instruction as you said. Thank you for continuing efforts. I think we're making a little progress, don't you think?

Logfile of HijackThis v1.99.1
Scan saved at 2:40:04 PM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\1102092806\ee\AOLSoftware.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102092806\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.0.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.gsu.ed...sCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O20 - AppInit_DLLs: repairs303169545.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 17 March 2006 - 05:19 PM

1. Copy and paste this code box text into a text editor such as Notepad.

CODE

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""



2. Save this text as ResetAppInit.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop. Include the word REGEDIT4.

3. Double-click on ResetAppInit.reg. When it asks you to merge the information to the registry, click Yes.


4. Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.


 


#15 giants06

giants06

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 17 March 2006 - 05:56 PM

The computer is acting fine as far as I know.

Logfile of HijackThis v1.99.1
Scan saved at 3:45:25 PM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\1102092806\ee\AOLSoftware.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102092806\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.0.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.gsu.ed...sCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O20 - AppInit_DLLs: repairs303169545.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
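
The follow-up check this exchange relies on (did the entries marked for fixing actually leave the next log?), as an added example that is not part of the original thread or of HijackThis itself. The sample lines are copied, abridged, from the fix list in post #10 and the log in post #15; the function names are hypothetical.

```python
import re
from typing import List, NamedTuple


class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4" or "O20"
    detail: str  # text after "CODE - ", as it appeared in the log
    key: str     # detail with whitespace collapsed and case folded


# Entry lines look like "O20 - AppInit_DLLs: name.dll". Header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text: str) -> List[Entry]:
    """Return every HijackThis entry line found in a pasted log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            detail = m.group(2)
            # Windows paths and registry names are case-insensitive.
            key = " ".join(detail.split()).casefold()
            entries.append(Entry(m.group(1), detail, key))
    return entries


def persisting(fix_list: str, followup_log: str) -> List[Entry]:
    """Entries that were marked for fixing but still appear in the new log."""
    seen = {(e.code, e.key) for e in parse_entries(followup_log)}
    return [e for e in parse_entries(fix_list) if (e.code, e.key) in seen]


def appinit_dlls(log_text: str) -> List[str]:
    """DLL names listed on O20 AppInit_DLLs lines.

    The registry value is delimited by spaces or commas, so one line can
    name several DLLs.
    """
    dlls = []
    for e in parse_entries(log_text):
        if e.code == "O20" and e.key.startswith("appinit_dlls:"):
            value = e.detail.split(":", 1)[1]
            dlls.extend(t for t in re.split(r"[ ,]+", value.strip()) if t)
    return dlls


# Abridged from the fix list in post #10.
FIX_LIST = r"""
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O20 - AppInit_DLLs: repairs303169545.dll
"""

# Abridged from the log in post #15.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:45:25 PM, on 3/17/2006
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O20 - AppInit_DLLs: repairs303169545.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

if __name__ == "__main__":
    for entry in persisting(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", entry.code, "-", entry.detail)
    print("AppInit_DLLs now loads:", appinit_dlls(FOLLOWUP_LOG))
```

Run against the two excerpts, it reports the O20 AppInit_DLLs entry as still present while the Run keys and the NewDotNet BHO are gone.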
