Here is the Spy Sweeper log:
********
1:08 PM: | Start of Session, Sunday, February 26, 2006 |
1:08 PM: Spy Sweeper started
1:08 PM: Sweep initiated using definitions version 556
1:08 PM: Starting Memory Sweep
1:10 PM: Memory Sweep Complete, Elapsed Time: 00:01:35
1:10 PM: Starting Registry Sweep
1:10 PM: Registry Sweep Complete, Elapsed Time:00:00:15
1:10 PM: Starting Cookie Sweep
1:10 PM: Found Spy Cookie: 2o7.net cookie
1:10 PM: sarah@2o7[2].txt (ID = 1957)
1:10 PM: Found Spy Cookie: about cookie
1:10 PM: sarah@about[1].txt (ID = 2037)
1:10 PM: Found Spy Cookie: yieldmanager cookie
1:10 PM: sarah@ad.yieldmanager[1].txt (ID = 3751)
1:10 PM: Found Spy Cookie: adecn cookie
1:10 PM: sarah@adecn[2].txt (ID = 2063)
1:10 PM: Found Spy Cookie: adknowledge cookie
1:10 PM: sarah@adknowledge[2].txt (ID = 2072)
1:10 PM: Found Spy Cookie: specificclick.com cookie
1:10 PM: sarah@adopt.specificclick[2].txt (ID = 3400)
1:10 PM: Found Spy Cookie: adrevolver cookie
1:10 PM: sarah@adrevolver[1].txt (ID = 2088)
1:10 PM: sarah@adrevolver[2].txt (ID = 2088)
1:10 PM: Found Spy Cookie: addynamix cookie
1:10 PM: sarah@ads.addynamix[2].txt (ID = 2062)
1:10 PM: Found Spy Cookie: ads.adsag cookie
1:10 PM: sarah@ads.adsag[2].txt (ID = 2108)
1:10 PM: Found Spy Cookie: belointeractive cookie
1:10 PM: sarah@ads.belointeractive[1].txt (ID = 2295)
1:10 PM: Found Spy Cookie: cc214142 cookie
1:10 PM: sarah@ads.cc214142[2].txt (ID = 2367)
1:10 PM: Found Spy Cookie: pointroll cookie
1:10 PM: sarah@ads.pointroll[2].txt (ID = 3148)
1:10 PM: Found Spy Cookie: adserver cookie
1:10 PM: sarah@adserver[2].txt (ID = 2141)
1:10 PM: Found Spy Cookie: friendfinder cookie
1:10 PM: sarah@ [1].txt (ID = 2165)
1:10 PM: Found Spy Cookie: advertising cookie
1:10 PM: sarah@advertising[2].txt (ID = 2175)
1:10 PM: Found Spy Cookie: falkag cookie
1:10 PM: sarah@as-eu.falkag[1].txt (ID = 2650)
1:10 PM: sarah@as-us.falkag[2].txt (ID = 2650)
1:10 PM: Found Spy Cookie: ask cookie
1:10 PM: sarah@ask[1].txt (ID = 2245)
1:10 PM: Found Spy Cookie: atlas dmt cookie
1:10 PM: sarah@atdmt[2].txt (ID = 2253)
1:10 PM: Found Spy Cookie: belnk cookie
1:10 PM: sarah@ath.belnk[2].txt (ID = 2293)
1:10 PM: Found Spy Cookie: atwola cookie
1:10 PM: sarah@atwola[1].txt (ID = 2255)
1:10 PM: Found Spy Cookie: banner cookie
1:10 PM: sarah@banner[2].txt (ID = 2276)
1:10 PM: sarah@belnk[2].txt (ID = 2292)
1:10 PM: sarah@belointeractive[1].txt (ID = 2294)
1:10 PM: Found Spy Cookie: bluestreak cookie
1:10 PM: sarah@bluestreak[2].txt (ID = 2314)
1:10 PM: Found Spy Cookie: bs.serving-sys cookie
1:10 PM: sarah@bs.serving-sys[1].txt (ID = 2330)
1:10 PM: Found Spy Cookie: casalemedia cookie
1:10 PM: sarah@casalemedia[1].txt (ID = 2354)
1:10 PM: Found Spy Cookie: centrport net cookie
1:10 PM: sarah@centrport[2].txt (ID = 2374)
1:10 PM: Found Spy Cookie: 360i cookie
1:10 PM: sarah@ct.360i[2].txt (ID = 1962)
1:10 PM: sarah@dist.belnk[2].txt (ID = 2293)
1:10 PM: sarah@dying.about[1].txt (ID = 2038)
1:10 PM: Found Spy Cookie: ru4 cookie
1:10 PM: sarah@edge.ru4[1].txt (ID = 3269)
1:10 PM: Found Spy Cookie: fastclick cookie
1:10 PM: sarah@fastclick[1].txt (ID = 2651)
1:10 PM: Found Spy Cookie: clickandtrack cookie
1:10 PM: sarah@hits.clickandtrack[2].txt (ID = 2397)
1:10 PM: Found Spy Cookie: maxserving cookie
1:10 PM: sarah@maxserving[1].txt (ID = 2966)
1:10 PM: sarah@mysa.belointeractive[1].txt (ID = 2295)
1:10 PM: Found Spy Cookie: overture cookie
1:10 PM: sarah@perf.overture[1].txt (ID = 3106)
1:10 PM: Found Spy Cookie: questionmarket cookie
1:10 PM: sarah@questionmarket[1].txt (ID = 3217)
1:10 PM: sarah@quotations.about[1].txt (ID = 2038)
1:10 PM: Found Spy Cookie: realmedia cookie
1:10 PM: sarah@realmedia[1].txt (ID = 3235)
1:10 PM: Found Spy Cookie: valuead cookie
1:10 PM: sarah@reduxads.valuead[1].txt (ID = 3627)
1:10 PM: Found Spy Cookie: revenue.net cookie
1:10 PM: sarah@revenue[1].txt (ID = 3257)
1:10 PM: Found Spy Cookie: serving-sys cookie
1:10 PM: sarah@serving-sys[1].txt (ID = 3343)
1:10 PM: Found Spy Cookie: statcounter cookie
1:10 PM: sarah@statcounter[1].txt (ID = 3447)
1:10 PM: Found Spy Cookie: reliablestats cookie
1:10 PM: sarah@stats1.reliablestats[1].txt (ID = 3254)
1:10 PM: Found Spy Cookie: targetnet cookie
1:10 PM: sarah@targetnet[1].txt (ID = 3489)
1:10 PM: Found Spy Cookie: tradedoubler cookie
1:10 PM: sarah@tradedoubler[2].txt (ID = 3575)
1:10 PM: Found Spy Cookie: trafficmp cookie
1:10 PM: sarah@trafficmp[2].txt (ID = 3581)
1:10 PM: Found Spy Cookie: tribalfusion cookie
1:10 PM: sarah@tribalfusion[2].txt (ID = 3589)
1:10 PM: Found Spy Cookie: tripod cookie
1:10 PM: sarah@tripod[1].txt (ID = 3591)
1:10 PM: Found Spy Cookie: realtracker cookie
1:10 PM: sarah@web4.realtracker[2].txt (ID = 3242)
1:10 PM: sarah@yieldmanager[2].txt (ID = 3749)
1:10 PM: sarah@z1.adserver[1].txt (ID = 2142)
1:10 PM: Found Spy Cookie: zedo cookie
1:10 PM: sarah@zedo[2].txt (ID = 3762)
1:10 PM: mom & dad@2o7[2].txt (ID = 1957)
1:10 PM: mom & dad@adopt.specificclick[2].txt (ID = 3400)
1:10 PM: mom & dad@ [2].txt (ID = 2165)
1:10 PM: Found Spy Cookie: primaryads cookie
1:10 PM: mom & dad@aff.primaryads[2].txt (ID = 3190)
1:10 PM: Found Spy Cookie: apmebf cookie
1:10 PM: mom & dad@apmebf[1].txt (ID = 2229)
1:10 PM: mom & dad@as-us.falkag[1].txt (ID = 2650)
1:10 PM: mom & dad@atdmt[2].txt (ID = 2253)
1:10 PM: Found Spy Cookie: azjmp cookie
1:10 PM: mom & dad@azjmp[2].txt (ID = 2270)
1:10 PM: Found Spy Cookie: bannerspace cookie
1:10 PM: mom & dad@bannerspace[1].txt (ID = 2284)
1:10 PM: Found Spy Cookie: bizrate cookie
1:10 PM: mom & dad@bizrate[2].txt (ID = 2308)
1:10 PM: Found Spy Cookie: bravenet cookie
1:10 PM: mom & dad@bravenet[1].txt (ID = 2322)
1:10 PM: mom & dad@buycom.122.2o7[1].txt (ID = 1958)
1:10 PM: mom & dad@casalemedia[2].txt (ID = 2354)
1:10 PM: mom & dad@centrport[1].txt (ID = 2374)
1:10 PM: Found Spy Cookie: clickbank cookie
1:10 PM: mom & dad@clickbank[2].txt (ID = 2398)
1:10 PM: mom & dad@cnn.122.2o7[1].txt (ID = 1958)
1:10 PM: Found Spy Cookie: commission junction cookie
1:10 PM: mom & dad@commission-junction[2].txt (ID = 2455)
1:10 PM: Found Spy Cookie: hitslink cookie
1:10 PM: mom & dad@counter.hitslink[2].txt (ID = 2790)
1:10 PM: mom & dad@ct.360i[1].txt (ID = 1962)
1:10 PM: Found Spy Cookie: coremetrics cookie
1:10 PM: mom & dad@data.coremetrics[1].txt (ID = 2472)
1:10 PM: mom & dad@data1.perf.overture[1].txt (ID = 3106)
1:10 PM: mom & dad@data2.perf.overture[1].txt (ID = 3106)
1:10 PM: mom & dad@data3.perf.overture[2].txt (ID = 3106)
1:10 PM: mom & dad@data4.perf.overture[2].txt (ID = 3106)
1:10 PM: Found Spy Cookie: dealtime cookie
1:10 PM: mom & dad@dealtime[1].txt (ID = 2505)
1:10 PM: mom & dad@edge.ru4[1].txt (ID = 3269)
1:10 PM: mom & dad@emimusic.122.2o7[1].txt (ID = 1958)
1:10 PM: mom & dad@entrepreneur.122.2o7[1].txt (ID = 1958)
1:10 PM: mom & dad@fastclick[2].txt (ID = 2651)
1:10 PM: Found Spy Cookie: go.com cookie
1:10 PM: mom & dad@go[1].txt (ID = 2728)
1:10 PM: Found Spy Cookie: humanclick cookie
1:10 PM: mom & dad@hc2.humanclick[1].txt (ID = 2810)
1:10 PM: Found Spy Cookie: infospace cookie
1:10 PM: mom & dad@infospace[1].txt (ID = 2865)
1:10 PM: Found Spy Cookie: domainsponsor cookie
1:10 PM: mom & dad@landing.domainsponsor[1].txt (ID = 2535)
1:10 PM: mom & dad@media.fastclick[2].txt (ID = 2652)
1:10 PM: Found Spy Cookie: metareward.com cookie
1:10 PM: mom & dad@metareward[1].txt (ID = 2990)
1:10 PM: mom & dad@microsofteup.112.2o7[1].txt (ID = 1958)
1:10 PM: Found Spy Cookie: nextag cookie
1:10 PM: mom & dad@nextag[1].txt (ID = 5014)
1:10 PM: mom & dad@overture[2].txt (ID = 3105)
1:10 PM: mom & dad@partygaming.122.2o7[1].txt (ID = 1958)
1:10 PM: Found Spy Cookie: partypoker cookie
1:10 PM: mom & dad@partypoker[1].txt (ID = 3111)
1:10 PM: mom & dad@perf.overture[1].txt (ID = 3106)
1:10 PM: Found Spy Cookie: pricegrabber cookie
1:10 PM: mom & dad@pricegrabber[1].txt (ID = 3185)
1:10 PM: mom & dad@questionmarket[1].txt (ID = 3217)
1:10 PM: mom & dad@revenue[1].txt (ID = 3257)
1:10 PM: mom & dad@sel.as-us.falkag[2].txt (ID = 2650)
1:10 PM: Found Spy Cookie: server.iad.liveperson cookie
1:10 PM: mom & dad@server.iad.liveperson[2].txt (ID = 3341)
1:10 PM: mom & dad@serving-sys[2].txt (ID = 3343)
1:10 PM: Found Spy Cookie: servlet cookie
1:10 PM: mom & dad@servlet[1].txt (ID = 3345)
1:10 PM: Found Spy Cookie: spylog cookie
1:10 PM: mom & dad@spylog[2].txt (ID = 3415)
1:10 PM: mom & dad@stat.dealtime[1].txt (ID = 2506)
1:10 PM: mom & dad@statcounter[2].txt (ID = 3447)
1:10 PM: mom & dad@stats1.reliablestats[2].txt (ID = 3254)
1:10 PM: Found Spy Cookie: webtrendslive cookie
1:10 PM: mom & dad@statse.webtrendslive[2].txt (ID = 3667)
1:10 PM: Found Spy Cookie: tickle cookie
1:10 PM: mom & dad@tickle[1].txt (ID = 3529)
1:10 PM: Found Spy Cookie: tracking cookie
1:10 PM: mom & dad@tracking[2].txt (ID = 3571)
1:10 PM: mom & dad@tribalfusion[2].txt (ID = 3589)
1:10 PM: mom & dad@tripod[1].txt (ID = 3591)
1:10 PM: mom & dad@twci.coremetrics[1].txt (ID = 2472)
1:10 PM: mom & dad@ulta.122.2o7[1].txt (ID = 1958)
1:10 PM: Found Spy Cookie: myaffiliateprogram.com cookie
1:10 PM: mom & dad@www.myaffiliateprogram[2].txt (ID = 3032)
1:10 PM: Found Spy Cookie: paypopup cookie
1:10 PM: mom & dad@www222.paypopup[2].txt (ID = 3120)
1:10 PM: mom & dad@z1.adserver[1].txt (ID = 2142)
1:10 PM: mom & dad@zedo[2].txt (ID = 3762)
1:10 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
1:10 PM: Starting File Sweep
1:16 PM: Found System Monitor: potentially rootkit-masked files
1:16 PM: 00063072. (ID = 0)
1:16 PM: 00063067. (ID = 0)
1:16 PM: 00063080. (ID = 0)
1:16 PM: 00063069. (ID = 0)
1:16 PM: 00063065. (ID = 0)
1:16 PM: 00063076. (ID = 0)
1:16 PM: 00063084. (ID = 0)
1:16 PM: 00063068. (ID = 0)
1:16 PM: 00063074. (ID = 0)
1:16 PM: 00063073. (ID = 0)
1:16 PM: 00063082. (ID = 0)
1:16 PM: 00063077. (ID = 0)
1:16 PM: 00063083. (ID = 0)
1:16 PM: 00063079. (ID = 0)
1:16 PM: 00063078. (ID = 0)
1:16 PM: 00063075. (ID = 0)
1:16 PM: 00063085. (ID = 0)
1:16 PM: 00063066. (ID = 0)
1:16 PM: 00063081. (ID = 0)
1:16 PM: 00063070. (ID = 0)
1:16 PM: 00063071. (ID = 0)
1:17 PM: File Sweep Complete, Elapsed Time: 00:06:35
1:17 PM: Full Sweep has completed. Elapsed time 00:08:33
1:17 PM: Traces Found: 139
1:18 PM: Removal process initiated
1:18 PM: Quarantining All Traces: potentially rootkit-masked files
1:18 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
1:18 PM: 00063072. is in use. It will be removed on reboot.
1:18 PM: 00063067. is in use. It will be removed on reboot.
1:18 PM: 00063080. is in use. It will be removed on reboot.
1:18 PM: 00063069. is in use. It will be removed on reboot.
1:18 PM: 00063065. is in use. It will be removed on reboot.
1:18 PM: 00063076. is in use. It will be removed on reboot.
1:18 PM: 00063084. is in use. It will be removed on reboot.
1:18 PM: 00063068. is in use. It will be removed on reboot.
1:18 PM: 00063074. is in use. It will be removed on reboot.
1:18 PM: 00063073. is in use. It will be removed on reboot.
1:18 PM: 00063082. is in use. It will be removed on reboot.
1:18 PM: 00063077. is in use. It will be removed on reboot.
1:18 PM: 00063083. is in use. It will be removed on reboot.
1:18 PM: 00063079. is in use. It will be removed on reboot.
1:18 PM: 00063078. is in use. It will be removed on reboot.
1:18 PM: 00063075. is in use. It will be removed on reboot.
1:18 PM: 00063085. is in use. It will be removed on reboot.
1:18 PM: 00063066. is in use. It will be removed on reboot.
1:18 PM: 00063081. is in use. It will be removed on reboot.
1:18 PM: 00063070. is in use. It will be removed on reboot.
1:18 PM: 00063071. is in use. It will be removed on reboot.
1:18 PM: Quarantining All Traces: 2o7.net cookie
1:18 PM: Quarantining All Traces: 360i cookie
1:18 PM: Quarantining All Traces: about cookie
1:18 PM: Quarantining All Traces: addynamix cookie
1:18 PM: Quarantining All Traces: adecn cookie
1:18 PM: Quarantining All Traces: adknowledge cookie
1:18 PM: Quarantining All Traces: adrevolver cookie
1:18 PM: Quarantining All Traces: ads.adsag cookie
1:18 PM: Quarantining All Traces: adserver cookie
1:18 PM: Quarantining All Traces: friendfinder cookie
1:18 PM: Quarantining All Traces: advertising cookie
1:18 PM: Quarantining All Traces: apmebf cookie
1:18 PM: Quarantining All Traces: ask cookie
1:18 PM: Quarantining All Traces: atlas dmt cookie
1:18 PM: Quarantining All Traces: atwola cookie
1:18 PM: Quarantining All Traces: azjmp cookie
1:18 PM: Quarantining All Traces: banner cookie
1:18 PM: Quarantining All Traces: bannerspace cookie
1:18 PM: Quarantining All Traces: belnk cookie
1:18 PM: Quarantining All Traces: belointeractive cookie
1:18 PM: Quarantining All Traces: bizrate cookie
1:18 PM: Quarantining All Traces: bluestreak cookie
1:18 PM: Quarantining All Traces: bravenet cookie
1:18 PM: Quarantining All Traces: bs.serving-sys cookie
1:18 PM: Quarantining All Traces: casalemedia cookie
1:18 PM: Quarantining All Traces: cc214142 cookie
1:18 PM: Quarantining All Traces: centrport net cookie
1:18 PM: Quarantining All Traces: clickandtrack cookie
1:18 PM: Quarantining All Traces: clickbank cookie
1:18 PM: Quarantining All Traces: commission junction cookie
1:18 PM: Quarantining All Traces: coremetrics cookie
1:18 PM: Quarantining All Traces: dealtime cookie
1:18 PM: Quarantining All Traces: domainsponsor cookie
1:18 PM: Quarantining All Traces: falkag cookie
1:18 PM: Quarantining All Traces: fastclick cookie
1:18 PM: Quarantining All Traces: go.com cookie
1:18 PM: Quarantining All Traces: hitslink cookie
1:18 PM: Quarantining All Traces: humanclick cookie
1:18 PM: Quarantining All Traces: infospace cookie
1:18 PM: Quarantining All Traces: maxserving cookie
1:18 PM: Quarantining All Traces: metareward.com cookie
1:18 PM: Quarantining All Traces: myaffiliateprogram.com cookie
1:18 PM: Quarantining All Traces: nextag cookie
1:18 PM: Quarantining All Traces: overture cookie
1:18 PM: Quarantining All Traces: partypoker cookie
1:18 PM: Quarantining All Traces: paypopup cookie
1:18 PM: Quarantining All Traces: pointroll cookie
1:18 PM: Quarantining All Traces: pricegrabber cookie
1:18 PM: Quarantining All Traces: primaryads cookie
1:18 PM: Quarantining All Traces: questionmarket cookie
1:18 PM: Quarantining All Traces: realmedia cookie
1:18 PM: Quarantining All Traces: realtracker cookie
1:18 PM: Quarantining All Traces: reliablestats cookie
1:18 PM: Quarantining All Traces: revenue.net cookie
1:18 PM: Quarantining All Traces: ru4 cookie
1:18 PM: Quarantining All Traces: server.iad.liveperson cookie
1:18 PM: Quarantining All Traces: serving-sys cookie
1:18 PM: Quarantining All Traces: servlet cookie
1:18 PM: Quarantining All Traces: specificclick.com cookie
1:18 PM: Quarantining All Traces: spylog cookie
1:18 PM: Quarantining All Traces: statcounter cookie
1:18 PM: Quarantining All Traces: targetnet cookie
1:18 PM: Quarantining All Traces: tickle cookie
1:18 PM: Quarantining All Traces: tracking cookie
1:18 PM: Quarantining All Traces: tradedoubler cookie
1:18 PM: Quarantining All Traces: trafficmp cookie
1:18 PM: Quarantining All Traces: tribalfusion cookie
1:18 PM: Quarantining All Traces: tripod cookie
1:18 PM: Quarantining All Traces: valuead cookie
1:18 PM: Quarantining All Traces: webtrendslive cookie
1:18 PM: Quarantining All Traces: yieldmanager cookie
1:18 PM: Quarantining All Traces: zedo cookie
1:19 PM: Preparing to restart your computer. Please wait...
1:19 PM: Removal process completed. Elapsed time 00:01:01
********
1:06 PM: | Start of Session, Sunday, February 26, 2006 |
1:06 PM: Spy Sweeper started
1:07 PM: Your spyware definitions have been updated.
1:08 PM: | End of Session, Sunday, February 26, 2006 |
Here is the updated HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:23:06 PM, on 2/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\Cyb2k.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mom & Dad\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
So far things seem to be working well. Anything else I should do/know?
Thanks,
-Paul D