9 replies to this topic

[JasonBob45]

Any help is greatly appreciated!

---------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:46:50 PM, on 12/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\umonit.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ABIT\ABITEQ\abiteq.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Pluck Corporation\Pluck\PluckSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Jason/My%20Documents/Links3.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UMonit] "C:\WINDOWS\System32\umonit.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ABITEQ] C:\Program Files\ABIT\ABITEQ\abiteq.exe -M
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Shortcut to CCAPP.lnk = C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.1.74.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.tbcode.co...ysb_regular.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{549A6493-B411-4E76-B16B-7C7B20ACFFCD}: Domain = august.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{549A6493-B411-4E76-B16B-7C7B20ACFFCD}: NameServer = 192.150.87.2,216.87.128.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{549A6493-B411-4E76-B16B-7C7B20ACFFCD}: Domain = august.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{549A6493-B411-4E76-B16B-7C7B20ACFFCD}: NameServer = 192.150.87.2,216.87.128.131
O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Daemon]

Not much showing in here. Is august.net your ISP?

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Jason/My%20Documents/Links3.html <-- if that's not your chosen homepage
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.tbcode.co...ysb_regular.cab

Exit HijackThis when done.

Click here to download ewido security suite - it is a trial version of the program.

• Install ewido security suite
• When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will now go to the main screen

You will need to update ewido to the latest definition files.

• On the left hand side of the main screen click update
• Then click on Start Update

The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update ewido. Then:

• Click on scanner
• Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
• While the scan is in progress you will be prompted to clean files, click OK
• When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop.

Now close ewido security suite.

Rescan with HJT and post a new log here together with the ewido log.

[JasonBob45]

august.net is my ISP, and Links3.html is the homepage that I had set.

I removed the one you pointed out and scanned with ewido, but I am still getting popups. Here are the current logs (the ewido log is very long... should I have posted this in a different way?) :

----------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:24:48 PM, on 12/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\umonit.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\ABIT\ABITEQ\abiteq.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Jason/My%20Documents/Links3.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UMonit] "C:\WINDOWS\System32\umonit.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ABITEQ] C:\Program Files\ABIT\ABITEQ\abiteq.exe -M
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Shortcut to CCAPP.lnk = C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.1.74.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{549A6493-B411-4E76-B16B-7C7B20ACFFCD}: Domain = august.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{549A6493-B411-4E76-B16B-7C7B20ACFFCD}: NameServer = 192.150.87.2,216.87.128.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{549A6493-B411-4E76-B16B-7C7B20ACFFCD}: Domain = august.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{549A6493-B411-4E76-B16B-7C7B20ACFFCD}: NameServer = 192.150.87.2,216.87.128.131
O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



----------------------------------------------------------------------------------------------------------------------



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:22:53 PM, 12/25/2005
+ Report-Checksum: F0D97154

+ Scan result:

HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1A00C40B-DA85-4aa3-A67F-582D9347EECD} -> Spyware.iSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC3BBF86-E4EC-4412-9676-8355468B3B05} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\buddylinks.net -> Spyware.BuddyLinks : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historysearch_term -> Spyware.ISTBar : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-839522115-1801674531-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-839522115-1801674531-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-839522115-1801674531-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
C:\Ddrive\netshare\SeriousSam.exe -> Not-A-Virus.Joke.JepRuss : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@download.com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\All Users\Documents\Shared Utilities\vnc-4.0-x86_win32\VNC4\vncconfig.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\98c2u3sd.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\rlo89z4e.slt\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@banner.goldenpalace[2].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@bigpond.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@counter.hitslink[1].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@data1.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@e-2dj6wfloqmdzeap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@e-2dj6wjk4cjcpceo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@e-2dj6wjk4woczmbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@ehg-bestbuy.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@ehg-hollywood.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@ehg-legonewyorkinc.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@ehg-nestleusainc.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@ehg-newegg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@stats.adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\ckz17e9aa7\Files\sx.htm -> Spyware.TwainTech : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\Cookies\jason@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\Cookies\jason@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\Cookies\jason@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\Cookies\jason@e-2dj6wjnyopdpkfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\game_dl.exe -> Spyware.MetaDirect.a : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\uninstall.exe -> Downloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\Jason\Start Menu\Programs\buddylinks.net -> Spyware.BuddyLinks : Cleaned with backup
C:\Documents and Settings\Jason\Start Menu\Programs\buddylinks.net\Games -> Spyware.BuddyLinks : Cleaned with backup
C:\Documents and Settings\Jason\Start Menu\Programs\buddylinks.net\Games\Night Raptor -> Spyware.BuddyLinks : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\7shw5n7o.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\7shw5n7o.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\7shw5n7o.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\7shw5n7o.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\7shw5n7o.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\7shw5n7o.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\7shw5n7o.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@e-2dj6wjnywlczkao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@ehg-knightridder.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@sel.as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@stat.onestat[1].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@test.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Jim\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Jim\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@-1shz2prbmdj6wvny-1sez2pra2dj6wjkociazcdoq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1gc5kdpgqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1id5iaowwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1sd5igpwidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@-1shz2prbmdj6wvny-1sez2pra2dj6wjnyeoajscqa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@a-1shz2prbmdj6wvny-1sez2pra2dj6wfkygpdjskpw-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@a-1shz2prbmdj6wvny-1sez2pra2dj6wjkyqkdjicpq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@a-1shz2prbmdj6wvny-1sez2pra2dj6wjloqkd5eeoq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@a-1shz2prbmdj6wvny-1sez2pra2dj6wjmikkdzsgoa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@a-1shz2prbmdj6wvny-1sez2pra2dj6wjmiumd5cfqa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1gc5wlogwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1ndzglpwydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqnd5aaoa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuodzckpg-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfk4cgc5sfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfk4qnc5gap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfk4skczceq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfk4uhcpceo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfk4ukczweo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfk4unczkco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkiajajcco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkicjdjscp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkiegczwaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkisjc5olp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkiskczolq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkisnczcfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkiugc5ecp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkiwkczedo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkoomc5ebq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkosmajkfo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkounc5ieo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkyancjwdo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfkykldpgdp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfl4snazsgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfl4uoazweo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wflienazmfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wflisjdpeeo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wflocncjeho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wflogiazghp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfmiand5ggp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfmicgd5kdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfmigmcpcgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wfmyojajebo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wgkighdzslp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wjk4aodzsco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wjk4endjwlo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wjk4kndpkfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wjk4updpclp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wjk4whd5alp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wjk4wkdjshp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sheldon\Cookies\sheldon@e-2dj6wjk4wlajmdp.stats.esomniture[2].txt -> Spyware.Cookie.Eso

[Daemon]

It doesn't look like the full log - could you repost?

Grab a copy of this little free application to help control those tracking cookies in future:

http://www.analogx.c...work/cookie.htm

Could you give me a bit more detail/description on the popups that you are getting?

[JasonBob45]

You're right, that wasn't the entire log. I thought I put all of it there. Oh well, here it is:

[Edit: Ok, I made sure the full log was posted this time and it cut the end off. Let me upload the text file.]

[Edit2: Ok, here is the txt file. Looking at it through Internet Explore removes it's formatting though, but saving it and using notepad should fix that]

The pop ups only seem to show up when I'm loading a web page, but it doesn't happen every time. The contents of the pop ups are completely random I think.

Edited by JasonBob45, 27 December 2005 - 06:33 PM.

[Daemon]

Mostly cookies. Couple more scans.

Download and save backlight to your desktop. Doubleclick blbeta.exe, accept the agreement, leave [X]scan through Windows Explorer checked, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply.

Download and run Silent Runners.vbs from HERE

It generates a log, please post the information back in this thread

[JasonBob45]

I apologize for the delay, it couldn't be helped on my part. I appreciate your patients though.

I'm having trouble with posting the Blacklight log. It's much too long for the character limit here, and my uploader isn't going to accept it either (It's a 10mb txt file!)... I'm not sure what to do with it.

I do have my Silent Runner log, though:



"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = (empty string)
"Norton SystemWorks" = "C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}" [file not found]
"PcSync" = "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"UMonit" = ""C:\WINDOWS\System32\umonit.exe"" ["General"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"" [null data]
"Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"HPHmon03" = "C:\WINDOWS\System32\hphmon03.exe" ["Hewlett-Packard"]
"HPDJ Taskbar Utility" = ""C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe"" ["HP"]
"DataLayer" = "C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"(Default)" = (empty string)
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"ABITEQ" = "C:\Program Files\ABIT\ABITEQ\abiteq.exe -M" [empty string]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\(Default) = "AOL Toolbar Launcher"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" = "Eudora's Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll" ["Qualcomm Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{19741013-C829-11D1-8233-0020AF3E97A9}" = "CMCUTIL Menu Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COOLMP~1\CMCUtil.dll" [null data]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 DragDrop Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Property Sheet Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{BF05BB6E-442C-428B-8025-82280B7BC26C}" = "Zen Micro Media Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll" ["Creative Technology Ltd"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" = "Eudora's Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll" ["Qualcomm Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
CMCUTIL\(Default) = "{19741013-C829-11D1-8233-0020AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COOLMP~1\CMCUtil.dll" [null data]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
-> {CLSID}\InProcServer32\(Default) = "C:\Cdrive\Program Files\WS_FTP Pro\wsftpsi.dll" ["Ipswitch, Inc. 81 Hartwell Ave. Lexington MA"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
-> {CLSID}\InProcServer32\(Default) = "C:\Cdrive\Program Files\WS_FTP Pro\wsftpsi.dll" ["Ipswitch, Inc. 81 Hartwell Ave. Lexington MA"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Jason" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Media Card Companion Monitor" -> shortcut to: "C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe" ["Arcsoft, Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Quicken Scheduled Updates" -> shortcut to: "C:\Program Files\Quicken\bagent.exe" ["Intuit Inc."]
"Shortcut to CCAPP" -> shortcut to: "C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE" ["Symantec Corporation"]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer - Jim" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE /AUTO" ["Symantec Corporation"]
"Symantec Drmc" -> launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\NetLimiter\nl_lsp.dll [null data], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 28
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

"{DE9C389F-3316-41A7-809B-AA305ED9D922}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{DE9C389F-3316-41A7-809B-AA305ED9D922}" = "AOL Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7}\
"ButtonText" = "Pluck"
"MenuText" = "Pluck"

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [MS]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

{3369AF0D-62E9-4BDA-8103-B4C75499B578}\
"ButtonText" = "AOL Toolbar"
"CLSIDExtension" = "{DE9C389F-3316-41A7-809B-AA305ED9D922}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools"]
Pml Driver, Pml Driver, "C:\WINDOWS\System32\HPHipm09.exe" ["HP"]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 69 seconds, including 18 seconds for message boxes)

Edited by JasonBob45, 02 January 2006 - 12:40 AM.

[Daemon]

Apologies for the delay getting back to you - are you still having problems?

[JasonBob45]

Actually, it's been fixed. Thanks for your help! The solution was as simple as uninstalling something from Add/Remove Programs.. sigh. I didn't think to look there, that would have been too easy! Haha. Anyways, thanks again.

[Daemon]

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php